jQuery XSS vulnerabilities require vendor package update (CVE-2020-11022 / CVE-2020-11023) #3544

Closed
kim-fitness opened this issue May 8, 2020 · 1 comment
Labels: 3rd Party Bug (3rd party bug), bug (Undesired behaviour), confirmed (Bug is confirm by dev team), resolved (A fixed issue), SECURITY (A security issue reported through CVE)

@kim-fitness
Contributor

Describe the bug

Cacti is affected by CVE-2020-11022 and CVE-2020-11023

Expected behavior

To remedy these two CVEs, jQuery needs to be upgraded to version 3.5.0 or later.

kim-fitness added the bug and unverified labels on May 8, 2020
@TheWitness
Member

Thanks for reporting!

netniV added the 3rd Party Bug and confirmed labels and removed the unverified label on May 9, 2020
netniV added this to the 1.2.13 milestone on May 9, 2020
TheWitness added a commit that referenced this issue on May 12, 2020
TheWitness added the resolved label on May 12, 2020
netniV changed the title from "Cacti is affected by CVE-2020-11022 and CVE-2020-11023" to "jQuery XSS vulnerabilities require vendor package update (CVE-2020-11022 / CVE-2020-11023)" on Jul 12, 2020
netniV added the SECURITY label on Jul 12, 2020
github-actions bot locked and limited conversation to collaborators on Oct 11, 2020