ilan-WS / cloudify-stage

Cloudify's New UI Framework
Apache License 2.0

CVE-2024-30875 (High) detected in jquery-ui-1.12.1.tgz - autoclosed #197

Closed mend-for-github-com[bot] closed 1 week ago

mend-for-github-com[bot] commented 2 weeks ago

CVE-2024-30875 - High Severity Vulnerability

Vulnerable Library - jquery-ui-1.12.1.tgz

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://registry.npmjs.org/jquery-ui/-/jquery-ui-1.12.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jquery-ui/package.json

Dependency Hierarchy:
- :x: **jquery-ui-1.12.1.tgz** (Vulnerable Library)

Found in HEAD commit: 50731d7b248d2728e4e5fda6648192e5a322f08c

Found in base branch: master

Vulnerability Details

Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component.

Publish Date: 2024-10-17

URL: CVE-2024-30875

CVSS 3 Score Details (7.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low


mend-for-github-com[bot] commented 1 week ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.