GHSA-jrpw-8884-2747
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jrpw-8884-2747
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-jrpw-8884-2747/GHSA-jrpw-8884-2747.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-jrpw-8884-2747
- Published
- 2024-05-15T21:08:41Z
- Modified
- 2024-11-29T05:40:48.192113Z
- Summary
- eZ Platform Bundled jQuery affected by CVE-2019-11358
- Details
-
In eZ Platform 2.x, ezsystems/ezplatform-admin-ui-assets before v4.2.0 includes jQuery version 3.3.1. This version of jQuery is affected by the security vulnerability https://www.cvedetails.com/cve/CVE-2019-11358/ This is fixed in jQuery version 3.4. We recommend that you upgrade your ezsystems/ezplatform-admin-ui-assets to v4.2.0 using Composer. This release includes jQuery 3.4.1.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [], "github_reviewed": true, "severity": "MODERATE", "github_reviewed_at": "2024-05-15T21:08:41Z" }- References
-
- https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezplatform-admin-ui-assets/2019-07-04-1.yaml
- https://github.com/ezsystems/ezplatform-admin-ui-assets
- https://share.ez.no/community-project/security-advisories/ezsa-2019-005-bundled-jquery-affected-by-cve-2019-11358
- https://web.archive.org/web/20210614184115/https://share.ez.no/community-project/security-advisories/ezsa-2019-005-bundled-jquery-affected-by-cve-2019-11358
Affected packages
Packagist / ezsystems/ezplatform-admin-ui-assets
Package
- Name
- ezsystems/ezplatform-admin-ui-assets
- Purl
- pkg:composer/ezsystems/ezplatform-admin-ui-assets