Details
- Bug
- Status: Closed
- Minor
- Resolution: Duplicate
- 3.5.7, 3.6.5, 3.7.1
- None
- None
- MOODLE_35_STABLE, MOODLE_36_STABLE, MOODLE_37_STABLE
Description
There is a minor and relatively hard-to-exploit security vulnerability in jQuery 3.2.x, which ships with currently security-supported versions of Moodle, e.g. 3.5.x.
More information on the vulnerability patched in jQuery 3.4.0:
- https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
- https://www.zdnet.com/article/popular-jquery-javascript-library-impacted-by-prototype-pollution-flaw/
Two options I see that would fix this:
- Update to jQuery 3.4.x and backport the other fixes from MDL-65751; or
- Patch the jQuery 3.2.x version as mentioned on the jQuery release page https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
The latter looks pretty easy - a one-line patch.
Ref MDL-65751
Issue Links
- has a non-specific relationship to MDL-65751 Upgrade jQuery to 3.4.1 (Closed)
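The behaviour that the one-line patch mentioned in the description addresses, as an added example that is not from this issue or from jQuery's source: a simplified deep merge modelled on `jQuery.extend(true, ...)`, run with and without a guard that skips the `__proto__` key. The names `deepExtend`, `skipProto` and `pollutesPrototype` and the sample input are constructed for illustration.

```javascript
// Added example: simplified deep merge modelled on jQuery.extend(true, ...).
// deepExtend, skipProto and pollutesPrototype are hypothetical names, not jQuery API.
function deepExtend(target, source, skipProto) {
  for (const name in source) {
    const copy = source[name];
    // Guard in the style of the jQuery 3.4.0 fix: never merge a "__proto__" key.
    if (skipProto && name === "__proto__") continue;
    if (target === copy) continue; // avoid a never-ending loop
    if (copy && typeof copy === "object" && !Array.isArray(copy)) {
      // Without the guard, target["__proto__"] resolves to Object.prototype here,
      // so the recursive call writes keys from the input onto every object.
      const existing = target[name];
      const base = existing && typeof existing === "object" ? existing : {};
      target[name] = deepExtend(base, copy, skipProto);
    } else if (copy !== undefined) {
      target[name] = copy;
    }
  }
  return target;
}

// Returns true if merging the constructed input changed Object.prototype.
function pollutesPrototype(skipProto) {
  const marker = "constructedMarker"; // constructed sample key
  // JSON.parse creates "__proto__" as an own, enumerable property.
  const untrusted = JSON.parse(
    '{"__proto__": {"' + marker + '": true}, "theme": {"name": "boost"}}'
  );
  try {
    deepExtend({}, untrusted, skipProto);
    return ({})[marker] === true;
  } finally {
    delete Object.prototype[marker]; // restore global state after the check
  }
}

console.log("unguarded merge pollutes:", pollutesPrototype(false));
console.log("guarded merge pollutes:", pollutesPrototype(true));
```

The same style of check, pointed at the bundled library's deep `extend` instead of `deepExtend`, confirms whether a patched jQuery 3.2.x copy still merges a `__proto__` key.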