Defect #26857: Fix for CVE-2015-9251 in JQuery 1.11.1 - Redmine

Defect #26857

Fix for CVE-2015-9251 in JQuery 1.11.1

Added by Toshi MARUYAMA over 2 years ago. Updated almost 2 years ago.

Status:

Closed

Start date:

Priority:

Normal

Due date:

Assignee:

Jean-Philippe Lang

% Done:

Category:

Security

Target version:

3.3.7

Resolution:

Fixed

Affected version:

Description

Public message on Redmine forums: Vulnerable Javascript Library reported by Security Scanner

Github issue on jQuery: https://github.com/jquery/jquery/issues/2432

CVE-2015-9251 was assigned to this for jQuery.

0001-Don-t-eval-cross-origin-requests-in-jQuery-26857.patch (1.2 KB) Jan from Planio www.plan.io, 2018-01-30 12:00

Associated revisions

Revision 17272
Added by Jean-Philippe Lang almost 2 years ago

Fix for CVE-2015-9251 in JQuery 1.11.1 (#26857).

Patch by Gregor Schmidt.

Revision 17273
Added by Jean-Philippe Lang almost 2 years ago

Merged r17272 into 3.4-stable (#26857).

Revision 17274
Added by Jean-Philippe Lang almost 2 years ago

Merged r17272 into 3.3-stable (#26857).

History

#1 Updated by Jan from Planio www.plan.io almost 2 years ago

File 0001-Don-t-eval-cross-origin-requests-in-jQuery-26857.patch added
Description updated (diff)
Status changed from New to Resolved

Gregor Schmidt has provided an unobtrusive fix which doesn't require a jQuery update. You can find it attached.

#2 Updated by Jean-Philippe Lang almost 2 years ago

Project changed from Security to Redmine
Subject changed from Vulnerable jquery 1.11.1 to Fix for CVE-2015-9251 in JQuery 1.11.1
Category set to Security
Status changed from Resolved to Closed
Assignee set to Jean-Philippe Lang
Target version set to 3.3.7
Resolution set to Fixed

Committed, thanks.

Also available in: Atom PDF

Redmine

Issues