GHSA-89ch-hqf9-rgp3

Source

https://github.com/advisories/GHSA-89ch-hqf9-rgp3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/11/GHSA-89ch-hqf9-rgp3/GHSA-89ch-hqf9-rgp3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-89ch-hqf9-rgp3

Aliases

CVE-2019-8121

Published

2019-11-12T22:59:28Z

Modified

2024-11-30T05:38:54.051768Z

Summary

Using JS libraries with known security vulnerabilities

Details

An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2019-11-12T22:13:41Z"
}

References

Affected packages

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2

Fixed

2.2.10

Affected versions

2.*

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

Packagist / magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.3

Fixed

2.3.3

Affected versions

2.*

2.3.0

2.3.1

2.3.2

2.3.2-p2

Packagist / magento/product-community-edition

Package

Name: magento/product-community-edition
Purl: pkg:composer/magento/product-community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2

Fixed

2.2.10

Packagist / magento/product-community-edition

Package

Name: magento/product-community-edition
Purl: pkg:composer/magento/product-community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.3

Fixed

2.3.2-p2