Описание
ELSA-2021-9400: bootstrap security update (IMPORTANT)
[3.0.0-7.0.1]
- Backport jQuery CVE-2020-11023 fixes from jQuery v3.5.0 to bundled v1.10.2 [Orabug: 33181852]
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
bootstrap
3.0.0-7.0.1.el7
Связанные CVE
Связанные уязвимости
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ...
