Details
-
Type:
Improvement
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: EE-4.3.0.GA_P02, EE-3.3.0.GA_P08
-
Fix Version/s: EE-4.3.0.GA_P03, EE-3.3.0.GA_P09
-
Component/s: ACE-Components, ICE-Components
-
Labels:None
-
Environment:ICEfaces components.
Description
The jQuery library used by ICEfaces components has known security vulnerabilities.
See https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/Jquery-Jquery.html
This JIRA is to analyze these to determine if there is an exposure vector outside of the ICEfaces component code (via the browser) for any of these.
See https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/Jquery-Jquery.html
This JIRA is to analyze these to determine if there is an exposure vector outside of the ICEfaces component code (via the browser) for any of these.
More detailed information can be found in this wiki article:
http://www.icesoft.org/wiki/display/ICE/jQuery+Security+Vulnerability+Mitigation