Uploaded image for project: 'Fedora Repository Project'
  1. Fedora Repository Project
  2. FCREPO-2578

XSS vulnerability JQuery version used by UI

    XMLWordPrintable

    Details

      Description

      The version of JQuery used by the HTML UI (1.9.1) has a cross-site scripting vulnerability:
      https://nvd.nist.gov/vuln/detail/CVE-2016-7103. The fix is to upgrade to 1.12.0 or later.

      This was flagged by our institution's vulnerability detector, but it looks like the actual risk is minimal, and that it is a technicality.

        Attachments

          Activity

            People

            Assignee:
            birkland Aaron Birkland
            Reporter:
            birkland Aaron Birkland
            Reviewer:
            Andrew Woods
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: