The version of jQuery in use is vulnerable to several issues


    • Severity 2 - Major

      Similar to JRASERVER-43422, the version of jQuery used (currently version 2.1.4) is vulnerable to jQuery issue 2432 (a 3rd-party $.get() auto-executes the response if the content type is text/javascript) and 11974 (parseHTML executes inline scripts such as event handlers). Actual exploitation / impact to Bitbucket Server depends on whether and how the vulnerable code paths are used.

      On a related note, http://research.insecurelabs.org/jquery/test/ can be used to check jQuery versions for issues.

              Assignee: Michael McGlynn (Inactive)
              Reporter: David Black
              Votes: 1
              Watchers: 14
