dhis2-club-tanzania / integration-app

0 stars 0 forks source link

CVE-2015-9521 (Medium) detected in multiple libraries #39

Open mend-bolt-for-github[bot] opened 4 years ago

mend-bolt-for-github[bot] commented 4 years ago

CVE-2015-9521 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-1.11.1.js, jquery-1.4.4.min.js, jquery-1.7.1.min.js

jquery-1.11.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.js

Path to dependency file: /tmp/ws-scm/integration-app/node_modules/unix-crypt-td-js/test/test.html

Path to vulnerable library: /integration-app/node_modules/unix-crypt-td-js/test/test.html

Dependency Hierarchy: - :x: **jquery-1.11.1.js** (Vulnerable Library)

jquery-1.4.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.4.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/integration-app/node_modules/selenium-webdriver/lib/test/data/mousePositionTracker.html

Path to vulnerable library: /integration-app/node_modules/selenium-webdriver/lib/test/data/js/jquery-1.4.4.min.js

Dependency Hierarchy: - :x: **jquery-1.4.4.min.js** (Vulnerable Library)

jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/integration-app/node_modules/sockjs/examples/hapi/html/index.html

Path to vulnerable library: /integration-app/node_modules/sockjs/examples/hapi/html/index.html,/integration-app/node_modules/sockjs/examples/echo/index.html,/integration-app/node_modules/sockjs/examples/express-3.x/index.html,/integration-app/node_modules/vm-browserify/example/run/index.html,/integration-app/node_modules/sockjs/examples/multiplex/index.html

Dependency Hierarchy: - :x: **jquery-1.7.1.min.js** (Vulnerable Library)

Found in HEAD commit: aebb1680fded563217304a054f06fb2f51e5a33d

Vulnerability Details

The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.

Publish Date: 2019-10-23

URL: CVE-2015-9521

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/commit/b078a62013782c7424a4a61a240c23c4c0b42614

Release Date: 2019-10-23

Fix Resolution: 2.2.0


Step up your Open Source Security Game with WhiteSource here

issue-label-bot[bot] commented 4 years ago

Issue-Label Bot is automatically applying the label bug to this issue, with a confidence of 0.80. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!

Links: app homepage, dashboard and code for this bot.