jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks
when a cross-domain Ajax request is performed without the dataType option,
causing text/javascript responses to be executed.
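
Added example, not part of the original advisory or jQuery's own code: a simplified JavaScript model of the behaviour described above, with an audit helper that flags call sites relying on Content-Type inference for a cross-domain URL. The function names, the sample URLs and the `patched` switch (modelling 3.0.0 and later) are assumptions made for illustration.

```javascript
// Simplified model of response-type inference; constructed for illustration,
// not jQuery source. All function names here are hypothetical.
const SCRIPT_TYPE = /(?:java|ecma)script/i;

// True when the request targets a different scheme, host or port than the page.
function isCrossDomain(requestUrl, pageUrl) {
  const page = new URL(pageUrl);
  const req = new URL(requestUrl, page); // relative URLs resolve against the page
  return req.protocol !== page.protocol || req.host !== page.host;
}

// Would the response body be evaluated as script?
// patched = true models 3.0.0 and later, false models earlier releases.
function wouldExecute(options, contentType, pageUrl, patched) {
  if (options.dataType) {
    // An explicit dataType replaces inference from the Content-Type header;
    // script and jsonp execute only because the caller asked for them.
    return ["script", "jsonp"].includes(options.dataType);
  }
  if (!SCRIPT_TYPE.test(contentType)) return false;
  // No dataType: the type is inferred from Content-Type. The patched model
  // refuses to infer "script" for a cross-domain request.
  return !(patched && isCrossDomain(options.url, pageUrl));
}

// Audit helper: URLs of calls that rely on inference for a cross-domain target.
function auditCalls(calls, pageUrl) {
  return calls
    .filter((c) => !c.dataType && isCrossDomain(c.url, pageUrl))
    .map((c) => c.url);
}

// Constructed sample data.
const PAGE = "https://app.example/dashboard";
const CALLS = [
  { url: "/api/profile" },
  { url: "https://cdn.example/widget" },
  { url: "https://cdn.example/data", dataType: "json" },
];

console.log(auditCalls(CALLS, PAGE));
```

Setting an explicit `dataType` (for example `"json"`) on every flagged call removes the dependence on the remote server's Content-Type header, which matters on releases that will not receive the fix.
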
Author | Note |
---|---|
mdeslaur | fix is intrusive and backwards-incompatible, see bug 3011. Due to this, we will not be fixing this issue in Ubuntu stable releases. Marking as ignored. |
github.com/jquery/jquery/pull/2588
github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2
launchpad.net/bugs/cve/CVE-2015-9251
nvd.nist.gov/vuln/detail/CVE-2015-9251
security-tracker.debian.org/tracker/CVE-2015-9251
snyk.io/vuln/npm:jquery:20150627
www.cve.org/CVERecord?id=CVE-2015-9251