The jQuery Update module enables you to update jQuery on your site.
The module ships with a modified version of the core Overlay JavaScript file, which is vulnerable to an open redirect attack (see SA-CORE-2015-002).
Only sites with the Overlay module enabled are vulnerable.
Drupal core is not affected. If you do not use the contributed jQuery Update module, there is nothing you need to do.
Install the latest version:
Also see the jQuery Update project page.
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/node/2507555
www.drupal.org/project/jquery_update
www.drupal.org/SA-CORE-2015-002
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/u/robloach
www.drupal.org/user/124982
www.drupal.org/user/2301194
www.drupal.org/user/2700643
www.drupal.org/writing-secure-code