Skip to content
This repository has been archived by the owner on May 17, 2021. It is now read-only.

WS-2016-0090 (Medium) detected in jquery-1.7.2.min.js #23

Open
mend-bolt-for-github bot opened this issue Oct 17, 2019 · 0 comments
Open

WS-2016-0090 (Medium) detected in jquery-1.7.2.min.js #23

mend-bolt-for-github bot opened this issue Oct 17, 2019 · 0 comments
Labels
security vulnerability Security vulnerability detected by WhiteSource

Comments

@mend-bolt-for-github
Copy link
Contributor

WS-2016-0090 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.7.2.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js

Path to dependency file: /tmp/ws-scm/msk_demo/node_modules/jmespath/index.html

Path to vulnerable library: /msk_demo/node_modules/jmespath/index.html

Dependency Hierarchy:

  • jquery-1.7.2.min.js (Vulnerable Library)

Found in HEAD commit: c33e36d1dc05f505e7855f5150c82e27b742037b

Vulnerability Details

JQuery, before 2.2.0, is vulnerable to Cross-site Scripting (XSS) attacks via text/javascript response with arbitrary code execution.

Publish Date: 2016-11-27

URL: WS-2016-0090

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jquery/jquery@b078a62

Release Date: 2019-04-08

Fix Resolution: 2.2.0

Step up your Open Source Security Game with WhiteSource here
@mend-bolt-for-github mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Oct 17, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
security vulnerability Security vulnerability detected by WhiteSource
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants