delphidabbler / codesnip

A code bank designed with Pascal in mind
https://delphidabbler.com/software/codesnip

jQuery vulnerability per dependabot #9

Closed delphidabbler closed 4 years ago

delphidabbler commented 4 years ago

Details per dependabot

1 jquery vulnerability found in `…/3rdParty/jquery-1.8.0.min.js`

Remediation

Upgrade jquery to version 1.9.0 or later.

Details

Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as selectors when given certain inputs, allowing for client side code execution.
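
The classification step the advisory above describes, as an added example that is not part of the issue, the dependabot report or the CodeSnip project: a minimal model of how `$()` decides whether its argument is HTML or a selector. The two patterns are modelled on the `rquickExpr` regex in jQuery 1.8.x and the anchored version in 1.9.x as I recall them (check against the shipped files); the sample inputs are constructed, and no DOM is touched.

```javascript
// Added example: models only the HTML-vs-selector decision in $(), not the
// rest of jQuery. Patterns are modelled on jQuery 1.8.x / 1.9.x rquickExpr.

// 1.8.x-style pattern (the vulnerable shape): the HTML branch tolerates any
// prefix of characters other than "#" and "<", so a string that starts like
// a selector but carries a tag further in is still classified as HTML.
const RQUICK_VULNERABLE = /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/;

// 1.9.x-style pattern (the fix): the HTML branch is anchored at the start of
// the string, so only input that begins with "<" is treated as markup.
const RQUICK_FIXED = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/;

// Return 'html' when the pattern's first capture group matched (jQuery would
// build DOM nodes, firing any inline event handlers), 'id' for the fast
// "#id" path, and 'selector' when the input would go to the selector engine.
function classify(input, pattern) {
  const m = pattern.exec(input);
  if (m && m[1]) return 'html';
  if (m && m[2] !== undefined) return 'id';
  return 'selector';
}

const classifyVulnerable = (s) => classify(s, RQUICK_VULNERABLE);
const classifyFixed = (s) => classify(s, RQUICK_FIXED);

// Constructed inputs. The last one is the attack shape: a value an app might
// hand to $() expecting a lookup (e.g. built from location.hash or a query
// parameter), with markup appended after a selector-looking prefix.
const SAMPLES = [
  '<p>hello</p>',
  '.menu-item',
  '#main',
  'a[href="x"]<img src=x onerror=alert(1)>',
];

// Classify every sample under both patterns and flag rows where the
// unanchored pattern promotes selector-looking input to HTML.
function report(samples = SAMPLES) {
  return samples.map((input) => {
    const before = classifyVulnerable(input);
    const after = classifyFixed(input);
    return { input, before, after, escalates: before === 'html' && after !== 'html' };
  });
}

for (const row of report()) {
  console.log(`${row.escalates ? '!!' : '  '} ${JSON.stringify(row.input)}: 1.8 -> ${row.before}, 1.9 -> ${row.after}`);
}
```

The row marked `!!` is the one that matters: under the 1.8-style pattern the injected `<img onerror>` is parsed as markup and the handler runs, while the anchored pattern sends the same string to the selector engine, which simply fails to match. Upgrading past 1.9.0 fixes the classifier; the usual belt-and-braces is to never pass attacker-influenced strings to `$()` at all and to use `$(document).find(sel)` or `$.parseHTML` explicitly when the intent is known.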

delphidabbler commented 4 years ago

Fixed with hotfix release 4.17.2 (c2575d1)