search

ScarfonicTechafadfa / zerhuel-online-platform

A business to business platform for Buy and selling products, with having upgrading accounts with mixture of leveraging and benefits
GNU General Public License v3.0
0 stars 1 forks source link

WS-2017-0195 Medium Severity Vulnerability detected by WhiteSource #8

Open mend-bolt-for-github[bot] opened 5 years ago

mend-bolt-for-github[bot] commented 5 years ago

WS-2017-0195 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-1.12.4.js, jquery-1.9.1.min.js

jquery-1.12.4.js

JavaScript library for DOM operations

path: /zerhuel-online-platform/xx_public/assets/themes/corastore/vendor/jqueryui/external/jquery/jquery.js

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.js

Dependency Hierarchy: - :x: **jquery-1.12.4.js** (Vulnerable Library)
jquery-1.9.1.min.js

JavaScript library for DOM operations

path: /zerhuel-online-platform/xx_public/assets/themes/default/js/jquery-1.9.1.min.js

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js

Dependency Hierarchy: - :x: **jquery-1.9.1.min.js** (Vulnerable Library)

Found in HEAD commit: 53adf471a707419dfe40ccb6f77c78f9c2216a00

Vulnerability Details

In v2.2.4 and previous, a lowercasing logic was used on the attribute names and was removed in v3.0.0. Because of this, boolean attributes whose names were not all lowercase cause infinite recursion, and will exceed the stack call limit.

Publish Date: 2017-04-15

URL: WS-2017-0195

CVSS 2 Score Details (5.3)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: https://github.com/jquery/jquery/commit/d12e13de19303b497cc99ddceb280d9d4d53ee5c

Release Date: 2016-05-29

Fix Resolution: Replace or update the following files: attr.js, attributes.js

Step up your Open Source Security Game with WhiteSource here