Cross-Site Scripting (XSS)

2017-03-2021:50:28

Egor Homakov

www.npmjs.com

8172

JSON

Overview

Affected versions of jquery interpret text/javascript responses from cross-origin ajax requests, and automatically execute the contents in jQuery.globalEval, even when the ajax request doesn’t contain the dataType option.

Recommendation

Update to version 3.0.0 or later.

References

Issue #2432
Commit #b078a62
PR #2588
GitHub Advisory

CPENameOperatorVersion
jqueryge1.4.0 <=1.11.3 || >=1.12.4 <=2.2.4

CPE	Name	Operator	Version
	jquery	ge	1.4.0 <=1.11.3 \|\| >=1.12.4 <=2.2.4

JSON

Related for NODEJS:328