jquery vulnerabilities #132

Open
mrmuskrat opened this issue May 21, 2019 · 1 comment
Labels
javascript/jquery Problems with .js and related files

@mrmuskrat

jquery 1.12.4 has two known vulnerabilities. You should update to jquery 3.4.0 or later.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9251 fixed by jquery 3.0.0

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358 fixed by jquery 3.4.0

http://jquery.com/download/ is showing 3.4.1 as the latest version.

jQuery CDN https://code.jquery.com/jquery-3.4.1.min.js
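
A check for bundled jQuery copies against the two fix versions named in this issue, as an added example that is not part of the original post or the project's code. The banner pattern is an assumption based on the comment header of stock jQuery release files, and the sample file heads are constructed.

```javascript
// Added example, not project code. Fix versions are the ones named in this issue.
const ADVISORIES = [
  { id: "CVE-2015-9251", fixedIn: "3.0.0" },
  { id: "CVE-2019-11358", fixedIn: "3.4.0" },
];
// Assumed banner forms: "/*! jQuery v1.12.4 | ..." (minified) and
// " * jQuery JavaScript Library v1.12.4" (unminified).
const BANNER = /jQuery (?:JavaScript Library )?v(\d+\.\d+\.\d+(?:-[0-9A-Za-z.]+)?)/;

function extractJqueryVersion(source) {
  const m = BANNER.exec(source.slice(0, 512)); // banner sits at the top of the file
  return m ? m[1] : null;
}

// Returns <0, 0 or >0. Parts are compared numerically (1.12.4 > 1.9.1), and a
// pre-release such as 3.0.0-rc1 is conservatively ordered before 3.0.0.
function compareVersions(a, b) {
  const [coreA, preA] = a.split("-", 2);
  const [coreB, preB] = b.split("-", 2);
  const na = coreA.split(".").map(Number);
  const nb = coreB.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (na[i] !== nb[i]) return na[i] - nb[i];
  }
  if (preA && !preB) return -1;
  if (!preA && preB) return 1;
  return 0;
}

function auditJquery(name, source) {
  const version = extractJqueryVersion(source);
  if (version === null) return { name, version: null, cves: [] };
  const cves = ADVISORIES.filter((a) => compareVersions(version, a.fixedIn) < 0)
    .map((a) => a.id);
  return { name, version, cves };
}

// Constructed sample inputs (file heads only), not taken from the project.
const SAMPLES = {
  "jquery-1.12.4.min.js": "/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */\n",
  "jquery-3.3.1.js": "/*!\n * jQuery JavaScript Library v3.3.1\n * https://jquery.com/\n */\n",
  "jquery-3.4.1.min.js": "/*! jQuery v3.4.1 | (c) JS Foundation and other contributors */\n",
  "other.js": "console.log('no banner');\n",
};
for (const [name, src] of Object.entries(SAMPLES)) {
  const r = auditJquery(name, src);
  const status = r.version === null ? "version not identified"
    : r.cves.join(", ") || "at or above both fix versions";
  console.log(`${name}: ${r.version || "?"} -> ${status}`);
}
```

A file reported as "version not identified" still needs a manual look, since a stripped or rewritten banner hides the version from this check.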

@rurban
Contributor

rurban commented Jun 5, 2019

I got the same warning here perl11/cperl#398 from Whitesource, nice tool.
Unfortunately, a simple upgrade to 3.4.1 will destroy the table header layout: it will be at position 0,0, not at the table anymore. Something with jquery.floatThead, I guess.
The recommended migration helper didn't help much, so I fear this needs a JavaScript programmer to fix.

The problem is only if the generated pages are public.

[UPDATE] Figured it out. Only some CSS names changed. See #133

@jkeenan jkeenan mentioned this issue May 4, 2021
jkeenan added a commit to jkeenan/devel-nytprof that referenced this issue May 4, 2021
In response to timbunce#132 filed by Matthew Musgrove.

Based on timbunce#133 by Reini Urban.
@jkeenan jkeenan added the javascript/jquery Problems with .js and related files label Sep 27, 2021