Boletines de Vulnerabilidades

MSA-21-0011: JQuery versions below 3.5.0 contain some potential vulnerabilities (upstream)

Información sobre el sistema
   
Software afectado PHP

Descripción
by Michael Hawkins. The JQuery version used by Moodle required upgrading to 3.5.1 to patch some published potential vulnerabilities.Severity/Risk:MinorVersions affected:3.10 to 3.10.1, 3.9 to 3.9.4, 3.8 to 3.8.7, 3.5 to 3.5.16 and earlier unsupported versionsVersions fixed:3.10.2, 3.9.5, 3.8.8 and 3.5.17Reported by:Mike HenryCVE identifiers:CVE-2020-11022 and CVE-2020-11023Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69680Tracker

More info:

https://moodle.org/mod/forum/discuss.php?d=419655&parent=1691274

Identificadores estándar
Propiedad Valor
CVE CVE-2020-11022 and CVE-2020-11023.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2021-03-16

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT