Source: jquery-minicolors
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for jquery-minicolors.

CVE-2021-4243[0]:
| A vulnerability was found in claviska jquery-minicolors up to 2.3.5.
| It has been rated as problematic. Affected by this issue is some
| unknown functionality of the file jquery.minicolors.js. The
| manipulation leads to cross site scripting. The attack may be launched
| remotely. Upgrading to version 2.3.6 is able to address this issue.
| The name of the patch is ef134824a7f4110ada53ea6c173111a4fa2f48f3. It
| is recommended to upgrade the affected component. VDB-215306 is the
| identifier assigned to this vulnerability.

https://github.com/claviska/jquery-minicolors/releases/tag/2.3.6
https://github.com/claviska/jquery-minicolors/commit/ef134824a7f4110ada53ea6c173111a4fa2f48f3

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-4243
    https://www.cve.org/CVERecord?id=CVE-2021-4243

Please adjust the affected versions in the BTS as needed.