geex-arts/django-jet

Please update jQuery to 1.12.0 or higher

tuergeist opened this issue · 1 comment

Vulnerable JavaScript library: jQuery, version 1.11.3

Details:
CVE-2015-9251: jQuery versions on or above 1.4.0 and below 1.12.0 (as well as version 1.12.3 and above but below 3.0.0-beta1) are vulnerable to XSS via third-party text/javascript responses (a third-party CORS request may execute). (jquery/jquery#2432)
Solution: jQuery version 1.12.0 has been released to address the issue (http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/). NOTE: the fix was reverted in 1.12.2, so versions 1.12.3 and above but below 3.0.0-beta1 are vulnerable as well. Please refer to the vendor documentation (https://blog.jquery.com/) for the latest security updates.

we use a paid version of Jet :)
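An added example (not code from django-jet or from the issue author) that turns the version ranges quoted above into a check you can run against a bundled `jquery.min.js`: it reads the version from the `/*! jQuery vX.Y.Z` header comment that jQuery builds carry, orders a prerelease such as 3.0.0-beta1 below its release, and reports whether the file falls in either CVE-2015-9251 range. The sample banner string is constructed to match the 1.11.3 build named in the report.

```python
"""Check whether a bundled jQuery build falls in the CVE-2015-9251 ranges."""
import re

# Vulnerable ranges as stated in the issue: >=1.4.0 <1.12.0 and >=1.12.3 <3.0.0-beta1.
VULNERABLE_RANGES = [("1.4.0", "1.12.0"), ("1.12.3", "3.0.0-beta1")]


def parse_version(v):
    """Return a sortable tuple; a prerelease (e.g. '3.0.0-beta1') sorts below its release."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised version: {v!r}")
    core = tuple(int(x) for x in m.group(1, 2, 3))
    pre = m.group(4)
    # Releases get (1, ""), prereleases (0, tag), so 3.0.0-beta1 < 3.0.0 in tuple order.
    return core + ((0, pre) if pre else (1, ""))


def is_vulnerable(version):
    """True if `version` lies in one of the CVE-2015-9251 ranges (upper bounds exclusive)."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in VULNERABLE_RANGES)


# Header comment that jQuery's builds start with, e.g. "/*! jQuery v1.11.3 | (c) ...".
JQUERY_BANNER = re.compile(r"/\*!\s*jQuery\s+v?(\d+\.\d+\.\d+(?:-[0-9A-Za-z.]+)?)")


def banner_version(source):
    """Extract the version string from a jQuery source file's header comment, or None."""
    m = JQUERY_BANNER.search(source)
    return m.group(1) if m else None


def audit_source(source):
    """Return (version, vulnerable) for the contents of a jQuery file; (None, None) if no banner."""
    v = banner_version(source)
    return (v, is_vulnerable(v)) if v else (None, None)


# Constructed sample matching the banner of the 1.11.3 build named in this issue.
SAMPLE_JQUERY_1_11_3 = "/*! jQuery v1.11.3 | (c) 2005, 2015 jQuery Foundation, Inc. | jquery.org/license */"

if __name__ == "__main__":
    print(audit_source(SAMPLE_JQUERY_1_11_3))  # ('1.11.3', True)
```

To audit a checkout, feed `audit_source(open(path).read())` each `jquery*.js` under the project's static directory.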