eZ Platform Bundled jQuery affected by CVE-2019-11358
In eZ Platform 2.x, ezsystems/ezplatform-admin-ui-assets before v4.2.0 includes jQuery version 3.3.1. This version of jQuery is affected by the security vulnerability https://www.cvedetails.com/cve/CVE-2019-11358/ This is fixed in jQuery version 3.4. We recommend that you upgrade your ezsystems/ezplatform-admin-ui-assets to v4.2.0 using Composer. This release includes jQuery 3.4.1.
| Software | From | Fixed in |
|---|---|---|
ezsystems / ezplatform-admin-ui-assets
|
4.0.0 | 4.2.0 |
- https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezplatform-admin-ui-assets/2019-07-04-1.yaml
- https://share.ez.no/community-project/security-advisories/ezsa-2019-005-bundled-jquery-affected-by-cve-2019-11358
- https://web.archive.org/web/20210614184115/https://share.ez.no/community-project/security-advisories/ezsa-2019-005-bundled-jquery-affected-by-cve-2019-11358
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime