Bug 266905 - ports-mgmt/poudriere: consider an upgrade to JQuery
Summary: ports-mgmt/poudriere: consider an upgrade to JQuery
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Bryan Drewery
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-10-08 14:42 UTC by Ian Dickens
Modified: 2022-10-08 17:52 UTC

See Also:
bugzilla: maintainer-feedback? (bdrewery)


Description Ian Dickens 2022-10-08 14:42:38 UTC
Is there any way to bump up the jquery version from 1.11.1 to something newer?  Nessus is reporting that that version is vulnerable.  File location is /usr/local/share/poudriere/html/assets/jquery-1.11.1.min.js.  The blurb from the scan is:

JQuery 1.2 < 3.5.0 Multiple XSS
Description
According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.

Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios required for successful exploitation do not exist on devices running a PAN-OS release.
Solution
Upgrade to JQuery version 3.5.0 or later.
See Also
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://security.paloaltonetworks.com/PAN-SA-2020-0007

Thanks,

Ian
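
Added example, not part of the bug report or of poudriere: a Python check that mirrors the scanner logic as the blurb describes it, reading each JavaScript file's self-reported banner and flagging versions in the range 1.2 <= v < 3.5.0. The banner regex, function names and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Range taken from the scan blurb: 1.2 <= version < 3.5.0
LOW, HIGH = (1, 2, 0), (3, 5, 0)

# Assumed banner forms (minified and unminified release files):
#   /*! jQuery v1.11.1 | (c) ...
#    * jQuery JavaScript Library v2.2.4
BANNER = re.compile(rb"jQuery (?:JavaScript Library )?v(\d+)\.(\d+)(?:\.(\d+))?")

def banner_version(path, head_bytes=2048):
    """Return the self-reported version as a 3-tuple, or None if no banner."""
    with open(path, "rb") as fh:
        m = BANNER.search(fh.read(head_bytes))
    if m is None:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def in_reported_range(version):
    # Tuple comparison is numeric per component, so 1.11.1 sorts after 1.2
    # (a plain string comparison would get this wrong).
    return LOW <= version < HIGH

def scan(root):
    """List (file name, version, flagged) for each .js file with a jQuery banner.
    The file content is read, so a renamed copy is still identified."""
    found = []
    for path in sorted(Path(root).rglob("*.js")):
        v = banner_version(path)
        if v is not None:
            found.append((path.name, ".".join(map(str, v)), in_reported_range(v)))
    return found

def demo():
    # Constructed sample tree; the banners are shortened stand-ins.
    samples = {
        "jquery-1.11.1.min.js": b"/*! jQuery v1.11.1 | (c) sample */\n",
        "jquery.min.js": b"/*! jQuery v3.5.0 | (c) sample */\n",
        "vendor.js": b"/*!\n * jQuery JavaScript Library v2.2.4\n */\n",
        "app.js": b"console.log('no banner here');\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            (Path(d) / name).write_bytes(body)
        return scan(d)

if __name__ == "__main__":
    for name, ver, flagged in demo():
        print(f"{name}: {ver} {'IN RANGE' if flagged else 'ok'}")
```

Because the check relies on the banner alone, a copy with a stripped banner is not listed, and a locally patched copy that keeps its old banner is still flagged.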