CVE-2015-9251 Medium Severity Vulnerability detected by WhiteSource
mend-bolt-for-github opened this issue · comments
CVE-2015-9251 - Medium Severity Vulnerability
Vulnerable Library - jquery-1.11.1.min.js
JavaScript library for DOM operations
path: /docs-travis-ci-com/_includes/head.html
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js
Dependency Hierarchy:
- ❌ jquery-1.11.1.min.js (Vulnerable Library)
Vulnerability Details
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Change files
Origin: jquery/jquery@b078a62#diff-bee4304906ea68bebadfc11be4368419
Release Date: 2015-10-12
Fix Resolution: Replace or update the following files: script.js, ajax.js, ajax.js
Step up your Open Source Security Game with WhiteSource here
Thanks for contributing to this issue. As it has been 90 days since the last activity, we are automatically closing the issue. This is often because the request was already solved in some way and it just wasn't updated or it's no longer applicable. If that's not the case, please do feel free to either reopen this issue or open a new one. We'll gladly take a look again! You can read more here: https://blog.travis-ci.com/2018-03-09-closing-old-issues