[wp-trac] [WordPress Trac] #47020: jQuery Update 3.4.0 vulnerability
WordPress Trac
noreply at wordpress.org
Fri May 24 06:56:46 UTC 2019
#47020: jQuery Update 3.4.0 vulnerability
--------------------------------+-------------------------
Reporter: MikeNGarrett          | Owner: azaozz
Type: defect (bug)              | Status: closed
Priority: normal                | Milestone: 5.2.1
Component: External Libraries   | Version: 5.1.1
Severity: normal                | Resolution: fixed
Keywords: fixed-major           | Focuses: javascript
--------------------------------+-------------------------
Comment (by superpoincare):
There seems to be another vulnerability as reported here:
https://snyk.io/vuln/npm:jquery
The third in the list.
The patch was for some reason removed from jQuery 1.12.3 although present
in 1.12.2 (and hence not present in 1.12.4).
The modification is to add
{{{
// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432)
jQuery.ajaxPrefilter( function( s ) {
	if ( s.crossDomain ) {
		s.contents.script = false;
	}
} );
}}}
Line 10368 here: https://code.jquery.com/jquery-1.12.2.js
as per the last comment here:
https://github.com/jquery/jquery/issues/2432#issuecomment-403761229
Apologies in advance if irrelevant.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47020#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
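
Added example, not part of the ticket comment and not jQuery's own source: a simplified model of how a dataType is inferred from the response Content-Type when the caller gave none, showing why setting `s.contents.script = false` on cross-domain requests stops the response from being evaluated. The function names and the `patched` flag are hypothetical, and the fallback to "text" is a simplification.

```javascript
// Simplified model (assumption): default Content-Type patterns per dataType.
function defaultContents() {
  return {
    xml: /\bxml\b/,
    html: /\bhtml/,
    json: /\bjson\b/,
    script: /\b(?:java|ecma)script\b/
  };
}

// The prefilter quoted in the ticket, applied to a plain settings object.
function crossDomainPrefilter(s) {
  if (s.crossDomain) {
    s.contents.script = false;
  }
}

// With no explicit dataType, pick the first type whose pattern matches
// the response Content-Type; disabled (false) entries are skipped.
function inferDataType(s, contentType) {
  if (s.dataType) return s.dataType;
  for (const type of Object.keys(s.contents)) {
    if (s.contents[type] && s.contents[type].test(contentType)) return type;
  }
  return "text";
}

// Report what the client would do with the response body.
function handleResponse({ crossDomain, dataType, patched }, contentType) {
  const s = { crossDomain, dataType, contents: defaultContents() };
  if (patched) crossDomainPrefilter(s);
  const type = inferDataType(s, contentType);
  return type === "script" ? "evaluated as script" : "returned as " + type;
}

// Constructed cases: [label, request options, response Content-Type].
const cases = [
  ["cross-domain, no prefilter", { crossDomain: true, patched: false }, "text/javascript"],
  ["cross-domain, prefilter", { crossDomain: true, patched: true }, "text/javascript"],
  ["same-origin, prefilter", { crossDomain: false, patched: true }, "text/javascript"],
  ["cross-domain, prefilter, explicit dataType",
    { crossDomain: true, patched: true, dataType: "script" }, "text/javascript"]
];
for (const [label, opts, ct] of cases) {
  console.log(label + ": " + handleResponse(opts, ct));
}
```

In this model the prefilter only changes the implicit case: a caller who explicitly sets the dataType to "script" still gets script evaluation, matching the "no explicit dataType" wording in the quoted comment.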