You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Christanto (JIRA)" <ji...@apache.org> on 2018/08/06 14:16:00 UTC
[jira] [Updated] (FELIX-5893) Security bug CVE-2015-9251
[ https://issues.apache.org/jira/browse/FELIX-5893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christanto updated FELIX-5893:
------------------------------
Attachment: FELIX-5893.diff
> Security bug CVE-2015-9251
> --------------------------
>
> Key: FELIX-5893
> URL: https://issues.apache.org/jira/browse/FELIX-5893
> Project: Felix
> Issue Type: Bug
> Components: Console
> Affects Versions: webconsole-4.3.4
> Reporter: Varun Ganesh
> Priority: Major
> Attachments: FELIX-5893.diff
>
>
> Hi Experts,
> In our product we are using Sling version 6 in one of our release.(Working on Migration to Sling 10 for next versions)
> Recently we came across a security bug CVE-2015-9251.
> (CVE-2015-9251 is a vulnerability to allow an attacker to execute arbitrary code when text/javascript responses are received from cross-origin ajax requests not containing the option `dataType`. Its CVSS score is 6.1 in NVD.).
>
> To fix this an up-gradation of jQuery to versions greater than 3.0.0 is required.
>
> In our product we are using felix web console dependency which contains jQuery of version 1.3.2.js.
>
> As part of the fix for the security bug we need to upgrade the jQuery in the jar that are mentioned above.
> For that we checked the latest versions for the above mentioned jars and identified that the jQuery versions are not above v3.0.0.
> So could you please help us in upgrading them as soon as possible.
>
> Thanks,
> Varun.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)