Bangtrongtuyet / phpmyAdmin

GNU General Public License v2.0

CVE-2019-5428 (Medium) detected in jquery-1.12.4 - autoclosed #5

Closed mend-bolt-for-github[bot] closed 2 years ago

mend-bolt-for-github[bot] commented 5 years ago

CVE-2019-5428 - Medium Severity Vulnerability

Vulnerable Library - jquery1.12.4

jQuery JavaScript Library

Library home page: https://github.com/jquery/jquery.git

Found in HEAD commit: fbd634d4c1d668e77ad15cdb38c4a85db5c75002

Library Source Files (42)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

- /phpmyAdmin/js/jquery/src/jquery/ajax/script.js
- /phpmyAdmin/js/jquery/src/jquery/attributes/support.js
- /phpmyAdmin/js/jquery/src/jquery/support.js
- /phpmyAdmin/js/jquery/src/jquery/core/init.js
- /phpmyAdmin/js/jquery/src/jquery/css.js
- /phpmyAdmin/js/jquery/src/jquery/effects.js
- /phpmyAdmin/js/jquery/src/jquery/attributes/classes.js
- /phpmyAdmin/js/jquery/src/jquery/effects/Tween.js
- /phpmyAdmin/js/jquery/src/jquery/ajax.js
- /phpmyAdmin/js/jquery/src/jquery/data.js
- /phpmyAdmin/js/jquery/src/jquery/ajax/parseJSON.js
- /phpmyAdmin/js/jquery/src/jquery/traversing/findFilter.js
- /phpmyAdmin/js/jquery/src/jquery/core/ready.js
- /phpmyAdmin/js/jquery/src/jquery/queue.js
- /phpmyAdmin/js/jquery/src/jquery/ajax/xhr.js
- /phpmyAdmin/js/jquery/src/jquery/dimensions.js
- /phpmyAdmin/js/jquery/src/jquery/offset.js
- /phpmyAdmin/js/jquery/src/jquery/sizzle/test/data/testinit.js
- /phpmyAdmin/js/jquery/src/jquery/manipulation.js
- /phpmyAdmin/js/jquery/src/jquery/css/support.js
- /phpmyAdmin/js/jquery/src/jquery/sizzle/test/unit/extending.js
- /phpmyAdmin/js/jquery/src/jquery/callbacks.js
- /phpmyAdmin/js/jquery/src/jquery/css/addGetHookIf.js
- /phpmyAdmin/js/jquery/src/jquery/event/support.js
- /phpmyAdmin/js/jquery/src/jquery/effects/support.js
- /phpmyAdmin/js/jquery/src/jquery/attributes/attr.js
- /phpmyAdmin/js/jquery/src/jquery/ajax/load.js
- /phpmyAdmin/js/jquery/src/jquery/traversing.js
- /phpmyAdmin/js/jquery/src/jquery/wrap.js
- /phpmyAdmin/js/jquery/src/jquery/manipulation/support.js
- /phpmyAdmin/js/jquery/src/jquery/event.js
- /phpmyAdmin/js/jquery/src/jquery/deferred.js
- /phpmyAdmin/js/jquery/src/jquery/attributes/val.js
- /phpmyAdmin/js/jquery/src/jquery/core.js
- /phpmyAdmin/js/jquery/src/jquery/attributes/prop.js
- /phpmyAdmin/js/jquery/src/jquery/sizzle/test/unit/selector.js
- /phpmyAdmin/js/jquery/src/jquery/css/curCSS.js
- /phpmyAdmin/js/jquery/src/jquery/core/access.js
- /phpmyAdmin/js/jquery/src/jquery/css/defaultDisplay.js
- /phpmyAdmin/js/jquery/src/jquery/sizzle/test/unit/utilities.js
- /phpmyAdmin/js/jquery/src/jquery/intro.js
- /phpmyAdmin/js/jquery/src/jquery/exports/global.js

Vulnerability Details

A prototype pollution vulnerability exists in jQuery versions < 3.4.0 that allows an attacker to inject properties on Object.prototype.

Publish Date: 2019-04-22

URL: CVE-2019-5428

CVSS 2 Score Details (5.6)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

Release Date: 2019-04-22

Fix Resolution: 3.4.0



mend-bolt-for-github[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.