[Pkg-javascript-devel] Bug#1026050: jquery-minicolors: CVE-2021-4243
Moritz Mühlenhoff
jmm at inutil.org
Tue Dec 13 19:04:38 GMT 2022
Source: jquery-minicolors
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for jquery-minicolors.
CVE-2021-4243[0]:
| A vulnerability was found in claviska jquery-minicolors up to 2.3.5.
| It has been rated as problematic. Affected by this issue is some
| unknown functionality of the file jquery.minicolors.js. The
| manipulation leads to cross site scripting. The attack may be launched
| remotely. Upgrading to version 2.3.6 is able to address this issue.
| The name of the patch is ef134824a7f4110ada53ea6c173111a4fa2f48f3. It
| is recommended to upgrade the affected component. VDB-215306 is the
| identifier assigned to this vulnerability.
https://github.com/claviska/jquery-minicolors/releases/tag/2.3.6
https://github.com/claviska/jquery-minicolors/commit/ef134824a7f4110ada53ea6c173111a4fa2f48f3
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-4243
https://www.cve.org/CVERecord?id=CVE-2021-4243
Please adjust the affected versions in the BTS as needed.
More information about the Pkg-javascript-devel
mailing list