[ https://issues.apache.org/jira/browse/STORM-3553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17148605#comment-17148605 ]
[email protected] commented on STORM-3553:
----------------------------------------------
|[CVE-2020-11022|https://vuln.whitesourcesoftware.com/vulnerability/CVE-2020-11022]|Medium|6.1|4.3|29-04-2020|16-06-2020|
|In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML
from untrusted sources - even after sanitizing it - to one of jQuery's DOM
manipulation methods (i.e. .html(), .append(), and others) may execute
untrusted code. This problem is patched in jQuery 3.5.0.|
> Upgrade JQuery to 3.4.x
> -----------------------
>
> Key: STORM-3553
> URL: https://issues.apache.org/jira/browse/STORM-3553
> Project: Apache Storm
> Issue Type: Bug
> Components: storm-core
> Affects Versions: 2.0.0, 1.2.3, 2.1.0
> Reporter: Ahmed Mahfouz
> Priority: Major
>
> JQuery < 3.4.0 has some security issues (https://snyk.io/vuln/npm:jquery)
> JQuery 1.11.1, which is currently being used, has this security issue:
> - Prototype Pollution
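As an added example (not part of this thread or of Apache Storm's code), the Node.js sketch below reads the version from a bundled jQuery file's banner comment and checks it against the two ranges quoted above. It shows that a 3.4.x release clears the "< 3.4.0" range from the issue text but still falls inside the CVE-2020-11022 range from the comment. All function names and the sample banner are constructed for illustration.

```javascript
// Ranges as quoted in this thread; max is exclusive, min === null means no lower bound.
const RANGES = [
  { id: "Prototype Pollution (issue text: JQuery < 3.4.0)", min: null, max: "3.4.0" },
  { id: "CVE-2020-11022 (>= 1.2 and before 3.5.0)", min: "1.2", max: "3.5.0" },
];

// Constructed sample: first line of a minified jQuery 1.11.1 file.
const SAMPLE = "/*! jQuery v1.11.1 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */\n";

// "1.11.1" -> [1, 11, 1]; missing parts count as 0 so "1.2" equals "1.2.0".
function parseVersion(v) {
  const parts = v.split(".").map((p) => parseInt(p, 10));
  if (parts.some(Number.isNaN)) throw new Error("bad version: " + v);
  while (parts.length < 3) parts.push(0);
  return parts;
}

// Numeric compare, so 1.11.1 > 1.2 (a plain string compare gets this wrong).
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// Read the version from the banner comment at the top of a jQuery file.
// Handles the minified ("jQuery v1.11.1") and full ("jQuery JavaScript Library v1.11.1") forms.
function bannerVersion(source) {
  const m = /jQuery (?:JavaScript Library )?v(\d+(?:\.\d+){1,2})/.exec(source.slice(0, 512));
  return m ? m[1] : null;
}

// Return the ids of every quoted range that contains the given version.
function findingsFor(version) {
  return RANGES.filter((r) =>
    (r.min === null || compareVersions(version, r.min) >= 0) &&
    compareVersions(version, r.max) < 0
  ).map((r) => r.id);
}

// Scan one file's text; version is null when no banner is found.
function scan(source) {
  const version = bannerVersion(source);
  return { version, findings: version ? findingsFor(version) : [] };
}

console.log(scan(SAMPLE));
console.log("3.4.1 ->", findingsFor("3.4.1"));
```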