[ https://issues.apache.org/jira/browse/FELIX-5893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Carsten Ziegeler closed FELIX-5893.
-----------------------------------

> JQuery Security bug CVE-2015-9251 in Web Console
> ------------------------------------------------
>
>                 Key: FELIX-5893
>                 URL: https://issues.apache.org/jira/browse/FELIX-5893
>             Project: Felix
>          Issue Type: Bug
>          Components:  Console
>    Affects Versions: webconsole-4.3.4
>            Reporter: Varun Ganesh
>            Assignee: Carsten Ziegeler
>            Priority: Major
>             Fix For: webconsole-4.3.8
>
>         Attachments: FELIX-5893.diff
>
>
> Hi Experts,
>     In our product we are using Sling version 6 in one of our 
> releases. (Working on migration to Sling 10 for next versions.)
>     Recently we came across a security bug CVE-2015-9251.
>      (CVE-2015-9251 is a vulnerability that allows an attacker to execute 
> arbitrary code when text/javascript responses are received from cross-origin 
> ajax requests not containing the option `dataType`. Its CVSS score is 6.1 in 
> NVD.)
>      
>    To fix this, an up-gradation of jQuery to versions greater than 3.0.0 is 
> required.
>      
>      In our product we are using the Felix web console dependency, which contains 
> jQuery of version 1.3.2.js.
>   
>      As part of the fix for the security bug we need to upgrade the jQuery in 
> the jars that are mentioned above.
>      For that we checked the latest versions of the above-mentioned jars and 
> identified that the jQuery versions are not above v3.0.0.
>      So could you please help us in upgrading them as soon as possible.
>      
>  Thanks,
>  Varun.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
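
The check the reporter describes (finding which jQuery version a jar bundles) can be scripted. The following is an added example, not part of the original issue or of the Felix project's code: it scans a jar for bundled jQuery copies and flags versions before 3.0.0, the range NVD lists for CVE-2015-9251. The sample jar and its entry names are constructed for illustration.

```python
import io
import re
import zipfile

FIXED = (3, 0, 0)  # NVD describes CVE-2015-9251 as affecting jQuery before 3.0.0

# File names such as jquery-1.3.2.js or jquery-3.4.1.min.js
NAME_RE = re.compile(r"jquery[-.](\d+)\.(\d+)(?:\.(\d+))?(?:\.min)?\.js$", re.I)
# Banner comment at the top of the file, e.g. "jQuery JavaScript Library v1.3.2"
BANNER_RE = re.compile(rb"jQuery (?:JavaScript Library )?v(\d+)\.(\d+)(?:\.(\d+))?")


def _version(match):
    # A missing patch component (e.g. "1.4") is treated as 0.
    return tuple(int(g or 0) for g in match.groups())


def find_jquery(jar_bytes):
    """Return sorted [(entry name, version, vulnerable?)] for bundled jQuery copies."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if not info.filename.lower().endswith(".js"):
                continue
            with jar.open(info) as fh:
                head = fh.read(2048)  # the banner sits in the first few lines
            # Prefer the banner: it survives renaming the file to plain jquery.js.
            m = BANNER_RE.search(head) or NAME_RE.search(info.filename)
            if m:
                version = _version(m)
                findings.append((info.filename, version, version < FIXED))
    return sorted(findings)


def build_sample_jar():
    """Constructed in-memory jar; entry names and contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("res/lib/jquery-1.3.2.js", "/*!\n * jQuery JavaScript Library v1.3.2\n */\n")
        jar.writestr("res/lib/jquery.js", "/*! jQuery v3.4.1 | constructed banner */\n")
        jar.writestr("res/ui/app.js", "// application code, no jQuery banner\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, version, vulnerable in find_jquery(build_sample_jar()):
        status = "UPGRADE (< 3.0.0)" if vulnerable else "ok"
        print(f"{name}: {'.'.join(map(str, version))} {status}")
```

To scan a real artifact, pass the jar file's bytes to `find_jquery`.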
