Fluid Attacks Database

Description

cross-site scripting

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.10	ruby	=1.8.7_p160-r2 \|\| =1.8.7_p160-r3 \|\| =1.8.7_p174-r0 \|\| =1.8.7_p174-r1 \|\| =1.8.7_p174-r2 \|\| =1.8.7_p174-r3 \|\| =1.8.7_p174-r4 \|\| =1.8.7_p174-r6 \|\| =1.8.7_p174-r7 \|\| =1.8.7_p299-r0 \|\| =1.8.7_p299-r1 \|\| =1.8.7_p299-r2 \|\| =1.8.7_p352-r0 \|\| =1.8.7_p352-r1 \|\| =1.8.7_p358-r1 \|\| =1.8.7_p72-r1 \|\| =1.8.7_p72-r2 \|\| =1.9.3_p194-r0 \|\| =1.9.3_p286-r0 \|\| =1.9.3_p286-r1 \|\| =1.9.3_p286-r2 \|\| =1.9.3_p327-r0 \|\| =1.9.3_p362-r0 \|\| =1.9.3_p374-r0 \|\| =1.9.3_p385-r0 \|\| =1.9.3_p392-r0 \|\| =2.0.0_p0-r0 \|\| =2.0.0_p0-r1 \|\| =2.0.0_p195-r0 \|\| =2.0.0_p247-r0 \|\| =2.0.0_p247-r1 \|\| =2.0.0_p247-r2 \|\| =2.0.0_p247-r3 \|\| =2.0.0_p353-r0 \|\| =2.0.0_p353-r1 \|\| =2.0.0_p353-r2 \|\| =2.0.0_p481-r0 \|\| =2.1.5-r0 \|\| =2.1.5-r1 \|\| =2.2.1-r0 \|\| =2.2.2-r0 \|\| =2.2.2-r1 \|\| =2.2.3-r0 \|\| =2.2.3-r1 \|\| =2.2.4-r0 \|\| =2.3.1-r0 \|\| =2.3.1-r1 \|\| =2.3.1-r2 \|\| =2.3.2-r0 \|\| =2.3.3-r0 \|\| =2.3.3-r1 \|\| =2.3.3-r2 \|\| =2.3.3-r3 \|\| =2.4.0-r3 \|\| =2.4.1-r1 \|\| =2.4.1-r2 \|\| =2.4.1-r3 \|\| =2.4.1-r4 \|\| =2.4.1-r5 \|\| =2.4.2-r0 \|\| =2.4.2-r1 \|\| =2.4.3-r0 \|\| =2.5.0-r0 \|\| =2.5.0-r1 \|\| =2.5.1-r0 \|\| =2.5.1-r1 \|\| =2.5.1-r2 \|\| =2.5.2-r0 \|\| =2.5.3-r0 \|\| =2.5.3-r1 \|\| =2.5.3-r2 \|\| =2.5.5-r0 \|\| >=0 <2.5.6-r0	2.5.6-r0
rubygems	jquery-rails	>=0 <4.2.0	4.2.0
maven	org.webjars.npm:jquery	>=0 <1.12.2 \|\| >=1.12.3 <3.0.0	1.12.2, 3.0.0
npm	jquery	>=0 <1.12.2 \|\| >=0 <1.12.2 \|\| >=1.12.3 <3.0.0 \|\| >=1.12.3 <3.0.0	1.12.2, 1.12.2, 3.0.0, 3.0.0
nuget	jquery	>=0 <3.0.0	3.0.0
rubygems	rdoc	>=0 <6.1.2	6.1.2
maven	org.webjars:jquery	>=0 <1.12.2 \|\| >=1.12.3 <3.0.0	-
rpm rhel7	ipa	<0:4.6.8-5.el7	0:4.6.8-5.el7
rpm rhel8	pki-core	<0:10.9.4-1.module+el8.3.0+8058+d5cd4219	0:10.9.4-1.module+el8.3.0+8058+d5cd4219
rpm rhel7	pki-core	-	-

1-10 of 11

Aliases

1. CVE-2015-92512. NVD-2015-92513. OSV-ALPINE-2015-92514. OSV-2015-92515. GHSA-rmxg-73gg-4p986. GCVE-2015-92517. SECURITY-CVE-2015-92518. access.redhat.com9. access.redhat.com10. DB-CVE-2015-9251

References

1. https://github.com/jquery/jquery/issues/24322. https://github.com/jquery/jquery/issues/2432#issuecomment-4037612293. https://github.com/jquery/jquery/pull/25884. https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb25. https://github.com/jquery/jquery/commit/b078a62013782c7424a4a61a240c23c4c0b426146. https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc7. https://seclists.org/bugtraq/2019/May/188. https://security.netapp.com/advisory/ntap-20210108-00049. https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf10. https://web.archive.org/web/20200227030101/http://www.securityfocus.com/bid/10565811. https://www.oracle.com/security-alerts/cpuapr2020.html12. https://www.oracle.com/security-alerts/cpujan2020.html13. https://www.oracle.com/security-alerts/cpujul2020.html14. https://www.oracle.com/security-alerts/cpuoct2020.html15. https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html16. https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html17. https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html18. https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html19. https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#42020. https://github.com/rails/jquery-rails/blob/v4.2.0/vendor/assets/javascripts/jquery3.js#L937721. https://github.com/rails/jquery-rails/releases/tag/v4.2.022. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2015-9251.yml23. https://ics-cert.us-cert.gov/advisories/ICSA-18-212-0424. https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA4460125. https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E26. https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E27. https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E28. https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E29. https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E30. https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E31. https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E32. https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E33. http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html34. http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html35. http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html36. http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html37. http://seclists.org/fulldisclosure/2019/May/1038. http://seclists.org/fulldisclosure/2019/May/1139. http://seclists.org/fulldisclosure/2019/May/1340. http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html41. https://vulncheck.com/cve/CVE-2015-925142. https://www.npmjs.com/advisories/32843. https://security.netapp.com/advisory/ntap-20210108-0004/44. http://www.securityfocus.com/bid/10565845. https://github.com/halkichi0308/CVE-2015-925146. https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/