Defect #26857

Fix for CVE-2015-9251 in JQuery 1.11.1

Added by Toshi MARUYAMA about 4 years ago. Updated over 3 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:Security
Target version:3.3.7
Resolution:Fixed Affected version:

Description

Public message on Redmine forums: Vulnerable Javascript Library reported by Security Scanner

Github issue on jQuery: https://github.com/jquery/jquery/issues/2432

CVE-2015-9251 was assigned to this for jQuery.

0001-Don-t-eval-cross-origin-requests-in-jQuery-26857.patch Magnifier (1.2 KB) Jan from Planio www.plan.io, 2018-01-30 12:00

Associated revisions

Revision 17272
Added by Jean-Philippe Lang over 3 years ago

Fix for CVE-2015-9251 in JQuery 1.11.1 (#26857).

Patch by Gregor Schmidt.

Revision 17273
Added by Jean-Philippe Lang over 3 years ago

Merged r17272 into 3.4-stable (#26857).

Revision 17274
Added by Jean-Philippe Lang over 3 years ago

Merged r17272 into 3.3-stable (#26857).

History

#1 Updated by Jan from Planio www.plan.io over 3 years ago

Gregor Schmidt has provided an unobtrusive fix which doesn't require a jQuery update. You can find it attached.

#2 Updated by Jean-Philippe Lang over 3 years ago

  • Project changed from Security to Redmine
  • Subject changed from Vulnerable jquery 1.11.1 to Fix for CVE-2015-9251 in JQuery 1.11.1
  • Category set to Security
  • Status changed from Resolved to Closed
  • Assignee set to Jean-Philippe Lang
  • Target version set to 3.3.7
  • Resolution set to Fixed

Committed, thanks.

Also available in: Atom PDF