Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnd20tcHY5aC1xNW03
Potential XSS in jQuery dependency in Mirador
Impact
Mirador users less than v3.0.0 (alpha-rc) versions that have an unpatched jQuery. When adopters update jQuery they will find some of Mirador functionality to be broken.
Patches
Mirador adopters should update to v3.0.0, no updates exist for v2.x releases.
Workarounds
Yes, Mirador users could fork and create their own custom build of Mirador and make the bug fixes themselves.
References
https://github.com/advisories/GHSA-gxr4-xjj5-5px2
https://github.com/advisories/GHSA-jpcq-cgw6-v4j6
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://jquery.com/upgrade-guide/3.5/
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnd20tcHY5aC1xNW03
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 4 years ago
Updated: almost 2 years ago
Identifiers: GHSA-hgwm-pv9h-q5m7
References:
- https://github.com/ProjectMirador/mirador/security/advisories/GHSA-hgwm-pv9h-q5m7
- https://github.com/advisories/GHSA-hgwm-pv9h-q5m7
Blast Radius: 0.0
Affected Packages
npm:mirador
Dependent packages: 40Dependent repositories: 138
Downloads: 15,200 last month
Affected Version Ranges: <= 2.7.2
Fixed in: 3.0.0-alpha.0
All affected versions: 0.1.2, 2.1.1, 2.1.3, 2.1.4, 2.5.1, 2.6.0, 2.6.1, 2.7.0, 2.7.1, 2.7.2
All unaffected versions: 3.0.0, 3.1.0, 3.1.1, 3.2.0, 3.3.0