Blackduck: Automated PR: Update jquery/2.2.4 to 3.7.1 #268
Vulnerabilities associated with jquery/2.2.4
BDSA-2014-0063 (HIGH): jQuery is vulnerable to cross-site scripting (XSS) due to lack of validation of user-supplied input. This could allow an attacker to inject arbitrary web scripts and steal a victim's session cookies.
BDSA-2017-2930 (HIGH): jQuery is vulnerable to cross-site scripting (XSS) due to the way it processes certain types of Ajax requests. This can allow potential attackers to execute arbitrary code on the target system.
BDSA-2019-1138 (HIGH): An improper input validation vulnerability has been discovered in jQuery. An attacker could exploit this vulnerability to execute cross-site scripting (XSS) attacks, trigger a denial-of-service (DoS) condition, or gain unauthorized access to the application.
BDSA-2020-0686 (HIGH): It was discovered that jQuery could allow for cross-site scripting (XSS) vulnerabilities to be introduced if the jQuery.htmlPrefilter method is used. Attackers could exploit XSS vulnerabilities to execute JavaScript code in a target's browser by tricking them into accessing the vulnerable page. This would allow an attacker to steal an administrator's session tokens or execute arbitrary code on their behalf by sending the link to an unsuspecting user or waiting for them to discover it.
BDSA-2020-0964 (HIGH): It was discovered that jQuery could allow for cross-site scripting (XSS) vulnerabilities to be introduced if certain HTML is passed to Document Object Model (DOM) manipulation methods. Attackers could exploit XSS vulnerabilities to execute JavaScript code in a target browser by tricking them into accessing the vulnerable page. This would allow an attacker to steal an administrator's session tokens or execute arbitrary code on their behalf by sending the link to an unsuspecting user or waiting for them to discover it.