EZSA-2019-005: Bundled jQuery affected by CVE-2019-11358

Publication date : 27/06/2019
Severity : Medium
Affected versions : eZ Platform 2.x
Resolving versions : ezsystems/ezplatform-admin-ui-assets v4.2.0 (eZ Platform v2.5.3)

In eZ Platform 2.x, ezsystems/ezplatform-admin-ui-assets before v4.2.0 includes jQuery version 3.3.1. This version of jQuery is affected by the security vulnerability CVE-2019-11358.
This is fixed in jQuery version 3.4. We recommend that you upgrade your ezsystems/ezplatform-admin-ui-assets to v4.2.0 using Composer. This release includes jQuery 3.4.1.
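
One way to confirm whether a project still locks an affected release is to read its `composer.lock`. The script below is an added example, not code from eZ Systems; the function names, status labels and sample lock fragments are constructed for illustration.

```python
import json
import re
import sys

PACKAGE = "ezsystems/ezplatform-admin-ui-assets"
FIXED = (4, 2, 0)  # resolving version named in the advisory

def parse_version(raw):
    """Return (major, minor, patch) for a plain tag such as 'v4.1.0'.

    Branch aliases and pre-releases ('dev-master', 'v4.2.0-rc1') return
    None so they are flagged for manual review instead of being guessed.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def check_lock(lock_text):
    """Return (status, locked_version) for the admin UI assets package.

    status is one of 'vulnerable', 'fixed', 'unknown' or 'absent'.
    """
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name") != PACKAGE:
                continue
            raw = pkg.get("version", "")
            parsed = parse_version(raw)
            if parsed is None:
                return ("unknown", raw)
            return ("vulnerable" if parsed < FIXED else "fixed", raw)
    return ("absent", None)

# Constructed composer.lock fragments, not taken from a real project.
SAMPLE_OLD = json.dumps({"packages": [
    {"name": "symfony/symfony", "version": "v3.4.28"},
    {"name": PACKAGE, "version": "v4.1.0"}]})
SAMPLE_NEW = json.dumps({"packages": [{"name": PACKAGE, "version": "v4.2.0"}]})
SAMPLE_DEV = json.dumps({"packages": [{"name": PACKAGE, "version": "dev-master"}]})

if __name__ == "__main__":
    # Pass the path to a composer.lock, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_OLD
    print(check_lock(text))
```

A result of `unknown` means the lock file pins a branch or pre-release, so the bundled jQuery version has to be checked by hand.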

This issue was reported to us by Carlos Revillo from The Cocktail:

We are very grateful for his research, and responsible disclosure to us.

If you come across a security issue in our products, here is how you can report it to us:
