Описание
Potential XSS in jQuery dependency in Mirador
Impact
Mirador users less than v3.0.0 (alpha-rc) versions that have an unpatched jQuery. When adopters update jQuery they will find some of Mirador functionality to be broken.
Patches
Mirador adopters should update to v3.0.0, no updates exist for v2.x releases.
Workarounds
Yes, Mirador users could fork and create their own custom build of Mirador and make the bug fixes themselves.
References
https://github.com/advisories/GHSA-gxr4-xjj5-5px2 https://github.com/advisories/GHSA-jpcq-cgw6-v4j6
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://jquery.com/upgrade-guide/3.5/
Пакеты
Наименование
mirador
npm
Затронутые версииВерсия исправления
<= 2.7.2
3.0.0-alpha.0
Дефекты
CWE-79
Дефекты
CWE-79