GHSA-jrpw-8884-2747

Source
https://github.com/advisories/GHSA-jrpw-8884-2747
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-jrpw-8884-2747/GHSA-jrpw-8884-2747.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-jrpw-8884-2747
Published
2024-05-15T21:08:41Z
Modified
2024-11-29T05:40:48.192113Z
Summary
eZ Platform Bundled jQuery affected by CVE-2019-11358
Details

In eZ Platform 2.x, ezsystems/ezplatform-admin-ui-assets before v4.2.0 includes jQuery version 3.3.1. This version of jQuery is affected by the security vulnerability CVE-2019-11358 (https://www.cvedetails.com/cve/CVE-2019-11358/), which is fixed in jQuery version 3.4. We recommend that you upgrade ezsystems/ezplatform-admin-ui-assets to v4.2.0 using Composer. This release includes jQuery 3.4.1.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-15T21:08:41Z"
}
References

Affected packages

Packagist / ezsystems/ezplatform-admin-ui-assets

Package

Name
ezsystems/ezplatform-admin-ui-assets
Purl
pkg:composer/ezsystems/ezplatform-admin-ui-assets

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.2.0

Affected versions

v4.*

v4.0.0
v4.1.0