uniquelyparticular / shipengine-request

A Particularly minimal ShipEngine API request library for Node.
https://uniquelyparticular.com
MIT License
1 stars 1 forks source link

CVE-2015-9521 (Medium) detected in jquery-1.8.1.min.js - autoclosed #90

Closed mend-bolt-for-github[bot] closed 2 years ago

mend-bolt-for-github[bot] commented 4 years ago

CVE-2015-9521 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.8.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/shipengine-request/node_modules/redeyed/examples/browser/index.html

Path to vulnerable library: /shipengine-request/node_modules/redeyed/examples/browser/index.html

Dependency Hierarchy: - :x: **jquery-1.8.1.min.js** (Vulnerable Library)

Found in HEAD commit: 27ea9f73d468c0ee925f6876733058bf89f966d7

Vulnerability Details

The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.

Publish Date: 2019-10-23

URL: CVE-2015-9521

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/commit/b078a62013782c7424a4a61a240c23c4c0b42614

Release Date: 2019-10-23

Fix Resolution: 2.2.0


Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.