Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jQuery < v3.5.0 - Cross-Site Scripting ('XSS') Vulnerability (CVE-2020-23064) #1924

Open
diversemix opened this issue Dec 19, 2024 · 1 comment
Open

jQuery < v3.5.0 - Cross-Site Scripting ('XSS') Vulnerability (CVE-2020-23064) #1924

diversemix opened this issue Dec 19, 2024 · 1 comment
Assignees
@turner

Comments

@diversemix
Copy link

This package appears to statically embed jquery, which means there is no fix by trying to pin a higher version in your package.json -- This approach means any application that uses it is subject to the above CVE
@jrobinso
Copy link
Contributor

Noted. We have plans to eliminate jQuery entirely.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@turner turner

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@turner @jrobinso @diversemix