Affected versions of `jquery` interpret `text/javascript` responses from cross-origin ajax requests, and automatically execute the contents in `jQuery.globalEval`, even when the ajax request doesn't contain the `dataType` option.

Update to version 3.0.0 or later.

CPE | Name | Operator | Version |
---|---|---|---|
 | jquery | ge | 1.4.0 <=1.11.3 \|\| >=1.12.4 <=2.2.4 |
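
For pages that cannot update immediately, the following added example (not code from the advisory or from the jQuery project) checks the loaded version against the ranges in the table above and, if it is affected, registers an ajax prefilter that stops cross-origin responses from being treated as script on the basis of their content type alone. The function names are hypothetical, and the prefilter is an assumed stopgap rather than a replacement for updating.

```javascript
// Added example. Ranges copied from the advisory's version table.
const AFFECTED_RANGES = [
  { min: [1, 4, 0], max: [1, 11, 3] },
  { min: [1, 12, 4], max: [2, 2, 4] },
];

// Parse "1.11.3", "1.4" or "2.2.4 -ajax" into [major, minor, patch]; null if unparseable.
function parseVersion(text) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?/.exec(String(text).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3] || 0)] : null;
}

// Three-part numeric comparison: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when the version falls inside one of the advisory's ranges.
// Unparseable strings return false, so inventory those builds by hand.
function isAffected(versionText) {
  const v = parseVersion(versionText);
  if (v === null) return false;
  return AFFECTED_RANGES.some(
    (r) => compareVersions(v, r.min) >= 0 && compareVersions(v, r.max) <= 0
  );
}

// Prefilter body: for cross-origin requests, drop the content-type pattern
// that would otherwise select the script converter when no dataType is given.
function disableCrossOriginScriptInference(settings) {
  if (settings.crossDomain && settings.contents) {
    settings.contents.script = false;
  }
}

// Returns true only if the prefilter was actually registered.
function installMitigation($) {
  if (!$ || !$.fn || !isAffected($.fn.jquery)) return false;
  if (typeof $.ajaxPrefilter !== 'function') return false; // absent in 1.4.x
  $.ajaxPrefilter(disableCrossOriginScriptInference);
  return true;
}

if (typeof jQuery !== 'undefined') installMitigation(jQuery);
```

Requests that set `dataType: "script"` explicitly still execute the response, so the prefilter only removes the implicit case the advisory describes. On 1.4.x builds `installMitigation` returns `false` and updating is the only option.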