Update dependency jquery to v3 [SECURITY]#9576
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
from
f3fb3e3 to
e36f83e
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
from
e36f83e to
77ea814
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
from
77ea814 to
481cf6a
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
from
481cf6a to
51e6dc7
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
from
51e6dc7 to
586908f
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
from
586908f to
596986e
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
from
596986e to
9d931c7
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
from
9d931c7 to
22e1465
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
2 times, most recently
from
49d1536 to
d9eeaa2
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
from
d9eeaa2 to
3279cd0
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
2 times, most recently
from
057f227 to
14bf11e
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
from
14bf11e to
162a3e2
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
from
162a3e2 to
5720314
Compare
renovate
Bot
changed the title
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
3 times, most recently
from
f273609 to
8227316
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
2 times, most recently
from
8030140 to
ee3edb9
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
from
ee3edb9 to
13bddf7
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
from
13bddf7 to
97b78f4
Compare
renovate
Bot
changed the title
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
3 times, most recently
from
a7c9720 to
9344695
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
2 times, most recently
from
cf05491 to
734e79f
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
2 times, most recently
from
36ea1ea to
e52c936
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
from
e52c936 to
2dab582
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
from
2dab582 to
5faa0f3
Compare
renovate
Bot
force-pushed
the
renovate/npm-jquery-vulnerability
branch
from
5faa0f3 to
6a1c364
Compare
Member
|
Checked commit 6a1c364 with ruby 3.3.10, rubocop 1.86.0, haml-lint 0.73.0, and yamllint 1.37.1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
~2.2.4→~3.5.0Potential XSS vulnerability in jQuery
CVE-2020-11023 / GHSA-jpcq-cgw6-v4j6
More information
Details
Impact
Passing HTML containing
<option>elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e..html(),.append(), and others) may execute untrusted code.Patches
This problem is patched in jQuery 3.5.0.
Workarounds
To workaround this issue without upgrading, use DOMPurify with its
SAFE_FOR_JQUERYoption to sanitize the HTML string before passing it to a jQuery method.References
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
For more information
If you have any questions or comments about this advisory, search for a relevant issue in the jQuery repo. If you don't find an answer, open a new issue.
Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Cross-Site Scripting (XSS) in jquery
CVE-2015-9251 / GHSA-rmxg-73gg-4p98
More information
Details
Affected versions of
jqueryinterprettext/javascriptresponses from cross-origin ajax requests, and automatically execute the contents injQuery.globalEval, even when the ajax request doesn't contain thedataTypeoption.Recommendation
Update to version 3.0.0 or later.
Severity
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
CVE-2019-11358 / GHSA-6c3j-c64m-qhgq
More information
Details
jQuery from 1.1.4 until 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles
jQuery.extend(true, {}, ...)because ofObject.prototypepollution. If an unsanitized source object contained an enumerable__proto__property, it could extend the nativeObject.prototype.Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NReferences