search

udsm-dhis2-lab / moh-sra-app

MOH mobile APP(Star Rating Assessment APP) to measure the performance of various healthcare facilities aimed at improving healthcare in Tanzania
GNU Lesser General Public License v3.0
0 stars 0 forks source link

CVE-2015-9521 (Medium) detected in multiple libraries #4

Open mend-bolt-for-github[bot] opened 4 years ago

mend-bolt-for-github[bot] commented 4 years ago

CVE-2015-9521 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-2.1.1.min.js, jquery-2.1.4.min.js, jquery-1.12.4.min.js, jquery-1.7.1.min.js

jquery-2.1.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/moh-sra-app/src/index.html

Path to vulnerable library: /moh-sra-app/src/assets/library/jquery/jquery-2.1.1.min.js

Dependency Hierarchy: - :x: **jquery-2.1.1.min.js** (Vulnerable Library)

jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/moh-sra-app/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /moh-sra-app/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy: - :x: **jquery-2.1.4.min.js** (Vulnerable Library)

jquery-1.12.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/moh-sra-app/node_modules/localforage/docs/index.html

Path to vulnerable library: /moh-sra-app/node_modules/localforage/docs/index.html

Dependency Hierarchy: - :x: **jquery-1.12.4.min.js** (Vulnerable Library)

jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/moh-sra-app/node_modules/vm-browserify/example/run/index.html

Path to vulnerable library: /moh-sra-app/node_modules/vm-browserify/example/run/index.html

Dependency Hierarchy: - :x: **jquery-1.7.1.min.js** (Vulnerable Library)

Found in HEAD commit: 0ba2b38287afb21355ca6e883f8e2b702656a2dd

Vulnerability Details

The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.

Publish Date: 2019-10-23

URL: CVE-2015-9521

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/commit/b078a62013782c7424a4a61a240c23c4c0b42614

Release Date: 2019-10-23

Fix Resolution: 2.2.0

Step up your Open Source Security Game with WhiteSource here

issue-label-bot[bot] commented 4 years ago

Issue-Label Bot is automatically applying the label bug to this issue, with a confidence of 0.84. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!

Links: app homepage, dashboard and code for this bot.