Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-10873

The version of jQuery in use is vulnerable to several issues

    XMLWordPrintable

Details

    Description

      Similar to JRASERVER-43422, the version of jQuery used (currently version 2.1.4) is vulnerable to jQuery issue 2432 (3rd party $.get() auto executes if content type is text/javascript) and 11974 (parseHTML executes inline scripts like event handlers). Actual exploitation / impact to Bitbucket Server depends upon if & how the vulnerable code paths are used.

      On a related note, http://research.insecurelabs.org/jquery/test/ can be used to check jQuery versions for issues.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. BAM-19990 The versions of jQuery and jQuery UI in use are vulnerable to several issues

          • Low - Low priority issues
          • Closed

          Suggestion - BSERV-10967 Update jQuery version bundled in Bitbucket.

          • Closed
          relates to

          Suggestion - JRASERVER-43422 Update the jQuery version used in Jira for better compatibility

          • Closed

          SECURITY-54 Loading...

          mentioned in

          Page Loading...

          Page Loading...

          Page Loading...

          Page Loading...

          Activity

            People

              mmcglynn Deez Nutz (Inactive)
              dblack David Black
              Votes:
              1 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: