The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of jQuery jsTree: code execution via eval

Synthesis of the vulnerability

An attacker can use a vulnerability via eval() of jQuery jsTree, in order to run code.
Severity of this alert: 2/4.
Creation date: 14/06/2019.
Références of this alert: 2133, FEDORA-2019-38abc6b897, FEDORA-2019-a171291a47, VIGILANCE-VUL-29531.

Description of the vulnerability

An attacker can use a vulnerability via eval() of jQuery jsTree, in order to run code.
Full Vigil@nce bulletin... (Request your free trial)

This security note impacts software or systems such as Fedora, jQuery Core.

Our Vigil@nce team determined that the severity of this threat announce is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this computer weakness announce.

Solutions for this threat

jQuery jsTree: version 3.3.8.
The version 3.3.8 is fixed:
  https://github.com/vakata/jstree/

Fedora: new js-jquery-jstree packages.
New packages are available:
  Fedora 29: js-jquery-jstree 3.3.8-1.fc29
  Fedora 30: js-jquery-jstree 3.3.8-1.fc30
Full Vigil@nce bulletin... (Request your free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a computers vulnerabilities bulletin. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.