      request #42980 Library jquery 1.9.1 is vulnerable
    Infos
    #42980
    Nicolas Vanderhofstadt (nicolascentran)
    2025-05-13 11:11
    2025-05-12 13:25
    44662
    Details
    Library jquery 1.9.1 is vulnerable

    Hello. We are using the latest Community version.

    Our security tools have detected that the library jquery 1.9.1 is vulnerable with a medium risk:

    CVE-2020-11023 CVE-2020-11022

    Do you know if an update will be done about it (or could you do it)?

    Thank you in advance.

    Kind Regards

    Other
    All
    Stage
    Empty
    New
    References
    Referenced by request #42980

    Follow-ups

    Thomas Gerbet (tgerbet) 2025-05-13 11:11

    Made an attempt to remove the vendoring of these old versions. It looks okayish, see gerrit #34421. Will try to move it forward for Tuleap 16.9.

    Thomas Gerbet (tgerbet) 2025-05-12 16:37

    Hello,

    To reassure you, we are not aware of injection points that would allow CVE-2020-11022 or CVE-2020-11023 to be exploited.

    We are getting rid of jQuery opportunistically overall whenever we can (art #39762) but removing it completely is unlikely to happen in the short term.

    That being said, in the current situation we might be able to get rid of these really old versions at least to prevent it from being flagged.


    • Category changed from Continuous Integration to Other
    • Reported in version changed from 16.7 to All
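
    The check below is an added example, not part of the request or of Tuleap's code: it inventories vendored jQuery core copies in a source tree by reading their banner comment and flags any version below 3.5.0, the release that fixes CVE-2020-11022 and CVE-2020-11023 according to the public advisories. The directory layout and file contents in `demo()` are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Both CVEs in the request are fixed in jQuery 3.5.0 (from the public
# advisories; the ticket itself does not state the fixed version).
FIXED = (3, 5, 0)
# Banner of jQuery core builds: "jQuery JavaScript Library v1.9.1" (full)
# or "/*! jQuery v1.9.1 |" (minified). Plugin banners do not match.
BANNER = re.compile(rb"jQuery (?:JavaScript Library )?v(\d+)\.(\d+)(?:\.(\d+))?")


def jquery_version(path):
    """Return (major, minor, patch) from the file's banner, or None."""
    with open(path, "rb") as fh:
        match = BANNER.search(fh.read(1024))  # banner is in the first lines
    if match is None:
        return None
    return tuple(int(part or 0) for part in match.groups())


def find_vendored_jquery(root):
    """Return sorted (relative path, version, flagged) for each jQuery copy."""
    root = Path(root)
    hits = []
    for path in root.rglob("*.js"):
        version = jquery_version(path) if path.is_file() else None
        if version is not None:
            rel = path.relative_to(root).as_posix()
            hits.append((rel, version, version < FIXED))
    return sorted(hits)


def demo():
    """Scan a constructed tree; only the banner lines are realistic."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "vendor/old").mkdir(parents=True)
        (root / "vendor/new").mkdir(parents=True)
        (root / "vendor/old/jquery.min.js").write_text("/*! jQuery v1.9.1 | (c) jQuery Foundation */\n")
        (root / "vendor/new/jquery.js").write_text("/*!\n * jQuery JavaScript Library v3.7.1\n */\n")
        (root / "vendor/new/app.js").write_text("console.log('no banner');\n")
        return find_vendored_jquery(root)


if __name__ == "__main__":
    for rel, version, flagged in demo():
        print(rel, ".".join(map(str, version)), "FLAGGED" if flagged else "ok")
```

    Copies whose banner was stripped, or jQuery bundled inside another file past the first kilobyte, are not detected by this banner match and need a dependency manifest or SBOM check instead.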