[CKAN-Security] Outdated jQuery 3.2.1 in CKAN 2.8.3

Adrià Mercader adria.mercader at okfn.org
Fri Nov 29 09:46:05 UTC 2019


Hi Aaron,

Thanks for your report. We are aware of this issue and hope to update the
library for our next patch release.
We currently have many open fronts so if your team can help writing a patch
and testing it that would be a great help.

Thanks,

Adrià

On Thu, 28 Nov 2019 at 03:20, 'Aaron D Borden' via CKAN Security <
security at ckan.org> wrote:

> Hello,
>
> I noticed that bundled within CKAN 2.8.3 is jQuery 3.2.1 which is affected
> by several XSS vulnerabilities. I don't have a proof of concept, but I am
> wondering if this is planned to be addressed?
>
> https://nvd.nist.gov/vuln/detail/CVE-2019-11358
>
>
> --
> Aaron D Borden
> Lead Engineer | IT Specialist
> TTS | Data.gov <https://www.data.gov>
>
> --
> You received this message because you are subscribed to the Google Groups
> "CKAN Security" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to security+unsubscribe at ckan.org.
>
