Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qcnB3LTg4ODQtMjc0N84AA8Hg
eZ Platform Bundled jQuery affected by CVE-2019-11358
In eZ Platform 2.x, ezsystems/ezplatform-admin-ui-assets before v4.2.0 includes jQuery version 3.3.1. This version of jQuery is affected by the security vulnerability https://www.cvedetails.com/cve/CVE-2019-11358/
This is fixed in jQuery version 3.4. We recommend that you upgrade your ezsystems/ezplatform-admin-ui-assets to v4.2.0 using Composer. This release includes jQuery 3.4.1.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qcnB3LTg4ODQtMjc0N84AA8Hg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 7 months ago
Updated: 7 months ago
Identifiers: GHSA-jrpw-8884-2747
References:
- https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezplatform-admin-ui-assets/2019-07-04-1.yaml
- https://share.ez.no/community-project/security-advisories/ezsa-2019-005-bundled-jquery-affected-by-cve-2019-11358
- https://web.archive.org/web/20210614184115/https://share.ez.no/community-project/security-advisories/ezsa-2019-005-bundled-jquery-affected-by-cve-2019-11358
- https://github.com/advisories/GHSA-jrpw-8884-2747
Affected Packages
packagist:ezsystems/ezplatform-admin-ui-assets
Dependent packages: 12Dependent repositories: 70
Downloads: 682,539 total
Affected Version Ranges: >= 4.0.0, < 4.2.0
Fixed in: 4.2.0
All affected versions: 4.0.0, 4.1.0
All unaffected versions: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.4.0, 0.5.0, 1.0.0, 2.0.0, 3.0.0, 3.1.0, 3.2.0, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4