UBUNTU-CVE-2017-6929

Source
https://ubuntu.com/security/CVE-2017-6929
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-6929.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2017-6929
Related
Published
2018-03-01T23:29:00Z
Modified
2024-12-18T16:34:41Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core upgrade to jQuery 3. For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other newer versions of jQuery that might be used on the site, for example using the jQuery Update module.

References

Affected packages

Ubuntu:Pro:14.04:LTS / drupal7

Package

Name
drupal7
Purl
pkg:deb/ubuntu/drupal7?arch=src?distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.23-1
7.24-1
7.24-2
7.26-1
7.26-1ubuntu0.1
7.26-1ubuntu0.1+esm1
7.26-1ubuntu0.1+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / drupal7

Package

Name
drupal7
Purl
pkg:deb/ubuntu/drupal7?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.38-1
7.41-1
7.44-1ubuntu1~16.04.0
7.44-1ubuntu1~16.04.0+esm1
7.44-1ubuntu1~16.04.0+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}