SpokeyWheeler/informix-text-exporter

CVE-2015-9251 (Medium) detected in jquery-1.6.4rc1

Closed this issue · 0 comments

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.6.4rc1

jQuery JavaScript Library

Library home page: https://github.com/jquery/jquery.git

Found in HEAD commit: cb1616e699f4ab2cb38b908f85d85549fba56f72

Library Source Files (38)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /informix-text-exporter/node_modules/jq/support/jquery/test/unit/event.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/unit/dimensions.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/unit/css.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/unit/core.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/unit/attributes.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/data/support/../../../src/ajax/xhr.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/unit/traversing.js
  • /informix-text-exporter/node_modules/jq/support/jquery/speed/jquery-basis.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/unit/queue.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/csp.php
  • /informix-text-exporter/node_modules/jq/support/jquery/test/data/support/../../../src/dimensions.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/unit/offset.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/data/support/../../../src/traversing.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/data/readywaitloader.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/unit/support.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/data/support/../../../src/ajax/jsonp.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/../src/effects.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/data/support/../../../src/deferred.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/data/offset/../../../src/core.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/data/support/../../../src/ajax/script.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/unit/deferred.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/data/support/../../../src/support.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/data/testinit.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/data/testrunner.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/../src/queue.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/../src/attributes.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/unit/ajax.js
  • /informix-text-exporter/node_modules/jq/support/jquery/speed/benchmarker.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/data/offset/../../../src/data.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/data/offset/../../../src/offset.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/../src/event.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/unit/effects.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/unit/manipulation.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/../src/manipulation.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/unit/data.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/polluted.php
  • /informix-text-exporter/node_modules/jq/support/jquery/test/data/support/../../../src/ajax.js
  • /informix-text-exporter/node_modules/jq/support/jquery/test/data/support/../../../src/css.js

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - v3.0.0

