[CKAN-Security] Outdated jQuery 3.2.1 in CKAN 2.8.3
Adrià Mercader
adria.mercader at okfn.org
Fri Nov 29 09:46:05 UTC 2019
Hi Aaron,
Thanks for you report. We are aware of this issue and hope to update the
library for our next patch release.
We currently have many open fronts so if your team can help writing a patch
and testing it that would be a great help.
Thanks,
Adrià
On Thu, 28 Nov 2019 at 03:20, 'Aaron D Borden' via CKAN Security <
security at ckan.org> wrote:
> Hello,
>
> I noticed that bundled within CKAN 2.8.3 is jQuery 3.2.1 which is affected
> by several XSS vulnerabilities. I don't have a proof of concept, but I am
> wondering if this is planned to be addressed?
>
> https://nvd.nist.gov/vuln/detail/CVE-2019-11358
> https://nvd.nist.gov/vuln/detail/CVE-2019-11358
>
>
> --
> Aaron D Borden
> Lead Engineer | IT Specialist
> TTS | Data.gov <https://www.data.gov>
>
> --
> You received this message because you are subscribed to the Google Groups
> "CKAN Security" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to security+unsubscribe at ckan.org.
>
--
You received this message because you are subscribed to the Google Groups "CKAN Security" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security+unsubscribe at ckan.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.okfn.org/mailman/private/security/attachments/20191129/07584e89/attachment.html>
More information about the Security
mailing list