  1. Moodle
  2. MDL-66186

jQuery 3.2.x minor security vuln - update to 3.4.x or patch 3.2.x


Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Duplicate
    • 3.5.7, 3.6.5, 3.7.1
    • None
    • JavaScript, Libraries
    • None
    • MOODLE_35_STABLE, MOODLE_36_STABLE, MOODLE_37_STABLE

    Description

      There is a minor and relatively hard-to-exploit security vulnerability in jQuery 3.2.x that ships with currently security-supported versions of Moodle e.g. 3.5.x.

      More information on the vulnerability patched in jQuery 3.4.0:

      Two options I see that would fix this:

      1. Update to jQuery 3.4.x and backport the other fixes from MDL-65751; or
      2. Patch the jQuery 3.2.x version as mentioned on the jQuery release page
        https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
        The latter looks pretty easy - a one-line patch.

      Ref MDL-65751

            People

              Unassigned
              mwebster Mark van Hoek
              Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Laurent David, Sara Arjona (@sarjona)