CVE-2019-8121

Using JS libraries with known security vulnerabilities in packagist/magento/product-community-edition

Identifiers

GHSA-89ch-hqf9-rgp3, CVE-2019-8121

Package Slug

packagist/magento/product-community-edition

Vulnerability

Using JS libraries with known security vulnerabilities

Description

An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities.

Affected Versions

All versions starting from 2.2 before 2.2.10, all versions starting from 2.3 before 2.3.2-p2

Solution

Upgrade to versions 2.2.10, 2.3.2-p2 or above.

Last Modified

2024-02-05

source