
Using JS libraries with known security vulnerabilities

High severity • GitHub Reviewed • Published Nov 12, 2019 to the GitHub Advisory Database • Updated Feb 5, 2024

Package

magento/community-edition (Composer)

Affected versions

>= 2.2, < 2.2.10
>= 2.3, < 2.3.3

Patched versions

2.2.10
2.3.3

magento/product-community-edition (Composer)

Affected versions

>= 2.2, < 2.2.10
>= 2.3, < 2.3.2-p2

Patched versions

2.2.10
2.3.2-p2

Description

An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3. The Magento 2 codebase used outdated versions of JS libraries (Bootstrap, jQuery, Knockout) with known security vulnerabilities.

References

Reviewed Nov 12, 2019
Published to the GitHub Advisory Database Nov 12, 2019
Last updated Feb 5, 2024

Severity

High

EPSS score

0.186%
(57th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2019-8121

GHSA ID

GHSA-89ch-hqf9-rgp3

Source code

No known source code