Posted to dev@felix.apache.org by "Abhishek Garg (Jira)" <ji...@apache.org> on 2020/12/08 08:40:00 UTC
[jira] [Created] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023
Abhishek Garg created FELIX-6366:
------------------------------------
Summary: 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023
Key: FELIX-6366
URL: https://issues.apache.org/jira/browse/FELIX-6366
Project: Felix
Issue Type: Bug
Components: Web Console
Reporter: Abhishek Garg
jQuery versions greater than or equal to 1.0.3 and before 3.5.0 are vulnerable to CVE-2020-11023 [0].
The webconsole currently uses jQuery 3.4.1, see [1]. jQuery >= 3.5.0 addresses this issue: https://blog.jquery.com/2020/05/04/jquery-3-5-1-released-fixing-a-regression/
I'd propose upgrading to jQuery 3.5.1 and jQuery migrate from 3.1.0 to 3.3.0 to address this.
[0]: https://nvd.nist.gov/vuln/detail/CVE-2020-11023#vulnCurrentDescriptionTitle
[1]: https://github.com/apache/felix-dev/blob/master/webconsole/src/main/resources/res/lib/jquery-3.4.1.js
[2]: https://jquery.com/upgrade-guide/3.5/
[3]: https://code.jquery.com/jquery-migrate-3.3.0.js
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
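
An added example, not part of the original message or of the Felix code base: a small check that flags bundled jQuery core files whose version falls in the range the report body gives (>= 1.0.3 and before 3.5.0), without mistaking jquery-migrate for jQuery itself. The function names and every sample path except the one cited in [1] are assumptions made for illustration.

```javascript
// Added example: range taken from the report body (>= 1.0.3 and < 3.5.0).
const AFFECTED_FROM = [1, 0, 3]; // inclusive lower bound
const FIXED_IN = [3, 5, 0];      // exclusive upper bound

// Compare two [major, minor, patch] triples; returns <0, 0 or >0.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Extract the jQuery core version from a resource path such as
// ".../res/lib/jquery-3.4.1.js". Returns null for anything else, including
// jquery-migrate and other plugins whose names also start with "jquery-".
function jqueryCoreVersion(path) {
  const file = path.split("/").pop();
  const m = /^jquery-(\d+)\.(\d+)(?:\.(\d+))?(?:\.slim)?(?:\.min)?\.js$/.exec(file);
  if (!m) return null;
  return [Number(m[1]), Number(m[2]), Number(m[3] || 0)];
}

function isAffected(version) {
  return compareVersions(version, AFFECTED_FROM) >= 0 &&
         compareVersions(version, FIXED_IN) < 0;
}

// Return the paths that name a jQuery core build in the affected range.
function findAffected(paths) {
  return paths.filter((p) => {
    const v = jqueryCoreVersion(p);
    return v !== null && isAffected(v);
  });
}

// Sample listing: the first path is the one cited in [1]; the "example/"
// paths are constructed for this illustration.
const samplePaths = [
  "webconsole/src/main/resources/res/lib/jquery-3.4.1.js",
  "example/lib/jquery-3.5.1.js",
  "example/lib/jquery-migrate-3.3.0.js",
  "example/lib/jquery-1.0.2.js",
];
console.log(findAffected(samplePaths));
```

A filename check only catches files that keep the upstream naming; a renamed or concatenated copy needs the version banner inside the file inspected instead.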