The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." The package maintainer disputes the validity of this vulnerability.
MEDIUM Vulnerable Package issue exists @ jquery in branch refs/heads/master
jbrotsos
commented
3 years ago
Description
The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." The package maintainer disputes the validity of this vulnerability.
MEDIUM Vulnerable Package issue exists @ jquery in branch refs/heads/master
Vulnerability ID: CVE-2007-2379
Package Name: jquery
Severity: MEDIUM
CVSS Score: 5.0
Publish Date: 2007-04-30T23:19:00
Current Package Version: 3.0.0
Remediation Upgrade Recommendation: 3.6.0
Link To SCA
Reference – NVD link