GHSA-89ch-hqf9-rgp3, CVE-2019-8121
packagist/magento/product-community-edition
Using JS libraries with known security vulnerabilities
An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities.
All versions starting from 2.2 before 2.2.10, all versions starting from 2.3 before 2.3.2-p2
Upgrade to versions 2.2.10, 2.3.2-p2 or above.
2024-02-05
source |