[BSERV-11753] jQuery 2.2.4 is vulnerable to prototype pollution - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Low
Resolution: Fixed
Affects Version/s: 5.16.4, 6.0.4, 6.1.3, 6.2.1
Fix Version/s: 5.16.5, 6.0.5, 6.1.4, 6.2.1
Component/s: None
Labels:
- patch-management
- security

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Bitbucket Server comes with jQuery version 2.2.4. This version of jQuery is vulnerable to a security bug (CVE-2019-11358, https://nvd.nist.gov/vuln/detail/CVE-2019-11358) which is only fixed in jQuery 3.4.0.

Attachments

Activity

People

Assignee:: John van der Loo

Reporter:: John van der Loo

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/May/2019 1:57 AM

Updated:: 10/Dec/2019 4:31 AM

Resolved:: 13/May/2019 1:58 AM