[GHSA-9p4g-cjcf-q3x2] The jQuery deserialize library in Fisheye and Crucible...

[anonymous4ACL24]

Updates

• Affected products
• Summary

Comments
the affected packages and their versions are pointed outed in the reference:

https://jira.atlassian.com/browse/CRUC-8531
https://jira.atlassian.com/browse/FE-7395

[darakian]

Should this one not also be about the jquery package? It seems like the discovery was simply made in the two packages you listed.

[anonymous4ACL24]

Should this one not also be about the jquery package? It seems like the discovery was simply made in the two packages you listed.

I think jQuery shall not be included, and the existing vulnerability database also marks only these two packages as affected, e.g., http://www.nsfocus.net/vulndb/66346.

Additionally, jQuery does not have a version 4.8.9.

[anonymous4ACL24]

Hi, could you take a look at my preceding response?

[darakian]

I am unfamiliar with this nsfocus database. Given that the tickets you link both explicitly call out jquery as the vulnerable component I think it makes more sense to dig into which version(s) of jquery are affected.

[taladrane]

👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.