Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-10967

Update jQuery version bundled in Bitbucket.

    XMLWordPrintable

Details

    • We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      The version of jQuery bundled in Bitbucket server is affected by the CVE described below.

      jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. BSERV-10873 The version of jQuery in use is vulnerable to several issues

          • High - High priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              dgnoato@atlassian.com Douglas Gnoato
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: