This site has been archived. To learn more about our current products Ibexa Content, Ibexa Experience, Ibexa Commerce head over to the Ibexa Developer Portal

eZ Community » Security Advisories » EZSA-2019-005: Bundled jQuery...

EZSA-2019-005: Bundled jQuery affected by CVE-2019-11358

Publication date : 27/06/2019
Severity : Medium
Affected versions : eZ Platform 2.x
Resolving versions : ezsystems/ezplatform-admin-ui-assets v4.2.0 (eZ Platform v2.5.3)

In eZ Platform 2.x, ezsystems/ezplatform-admin-ui-assets before v4.2.0 includes jQuery version 3.3.1. This version of jQuery is affected by the security vulnerability https://www.cvedetails.com/cve/CVE-2019-11358/
This is fixed in jQuery version 3.4. We recommend that you upgrade your ezsystems/ezplatform-admin-ui-assets to v4.2.0 using Composer. This release includes jQuery 3.4.1.

This issue was reported to us by Carlos Revillo from The Cocktail:
https://the-cocktail.com/

We are very grateful for his research, and responsible disclosure to us.

If you come across a security issue in our products, here is how you can report it to us: https://doc.ez.no/Security

36 542 Users on board!

Community Project menu

Proudly Developed with from