[FELIX-6185] jQuery <3.4.0 is vulnerable to prototype pollution attacks - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: webconsole-4.3.16
Fix Version/s: webconsole-4.4.0
Component/s: Web Console
Labels:
- security

Description

jQuery prior to version 3.4.0 was vulnerable to prototype pollution (https://snyk.io/test/npm/jquery/3.3.1). The webconsole currently uses jQuery 3.3.1. jQuery >= 3.4.0 addresses this issues (https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/). I'd propose upgrading to jQuery 3.4.1 and jQuery migrate from 3.0.0 to 3.1.0 to address this issue.

Attachments

Activity

People

Assignee:: Carsten Ziegeler

Reporter:: Dale Clarke

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 23/Sep/19 22:38

Updated:: 11/Sep/23 05:08

Resolved:: 28/Sep/19 08:18