search

udsm-dhis2-lab / 90-90-90-cascade-graph-widget

90-90-90 HIV Prevention, Engagement and Care Cascade Graph Widget(i.e Treatment target graph to help end the AIDS epidemic)
GNU Lesser General Public License v3.0
0 stars 0 forks source link

CVE-2015-9521 (Medium) detected in multiple libraries #235

Open mend-bolt-for-github[bot] opened 4 years ago

mend-bolt-for-github[bot] commented 4 years ago

CVE-2015-9521 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-1.11.1.js, jquery-1.4.4.min.js, jquery-1.7.1.min.js

jquery-1.11.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.js

Path to dependency file: /tmp/ws-scm/90-90-90-cascade-graph-widget/node_modules/unix-crypt-td-js/test/test.html

Path to vulnerable library: /90-90-90-cascade-graph-widget/node_modules/unix-crypt-td-js/test/test.html

Dependency Hierarchy: - :x: **jquery-1.11.1.js** (Vulnerable Library)

jquery-1.4.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.4.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/90-90-90-cascade-graph-widget/node_modules/selenium-webdriver/lib/test/data/selectableItems.html

Path to vulnerable library: /90-90-90-cascade-graph-widget/node_modules/selenium-webdriver/lib/test/data/js/jquery-1.4.4.min.js

Dependency Hierarchy: - :x: **jquery-1.4.4.min.js** (Vulnerable Library)

jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/90-90-90-cascade-graph-widget/node_modules/sockjs/examples/echo/index.html

Path to vulnerable library: /90-90-90-cascade-graph-widget/node_modules/sockjs/examples/echo/index.html,/90-90-90-cascade-graph-widget/node_modules/sockjs/examples/multiplex/index.html,/90-90-90-cascade-graph-widget/node_modules/sockjs/examples/hapi/html/index.html,/90-90-90-cascade-graph-widget/node_modules/sockjs/examples/express-3.x/index.html

Dependency Hierarchy: - :x: **jquery-1.7.1.min.js** (Vulnerable Library)

Found in HEAD commit: ed08231afa2ce09712b3d38544bd0e8f44bd83e7

Vulnerability Details

The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.

Publish Date: 2019-10-23

URL: CVE-2015-9521

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/commit/b078a62013782c7424a4a61a240c23c4c0b42614

Release Date: 2019-10-23

Fix Resolution: 2.2.0

Step up your Open Source Security Game with WhiteSource here

issue-label-bot[bot] commented 4 years ago

Issue-Label Bot is automatically applying the label bug to this issue, with a confidence of 0.86. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!

Links: app homepage, dashboard and code for this bot.