jQuery Cross-Site Scripting (XSS) Vulnerability -- RabbitMQ


Anusha R

Feb 21, 2024, 11:40:35 PM
to rabbitmq-users
Hi Support team,

Could you please guide me on how to resolve the subject vulnerability? When I went through a few sites, they stated that jQuery has to be upgraded. Does this task need to be done by the RabbitMQ admin or by the developers? Also, please find my current RabbitMQ version details below. Can we upgrade only jQuery, or do we need to upgrade RabbitMQ and Erlang also?

RabbitMQ version: 3.7.9
Erlang version: Erlang/OTP 21.3.8.13

Thanks in advance!

Anusha R

Feb 21, 2024, 11:52:00 PM
to rabbitmq-users
In addition to the above mail, please find the complete details below.


CVE ID : CVE-2015-9251.

Vendor Reference : jquery.

Threat: jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Affected Versions:
jQuery versions before 3.0
QID Detection Logic (un-Authenticated):
This QID checks version of jquery.js file

Impact : On successful exploitation, it allows an attacker to execute an XSS attack.

Solution : The vendor has released a fix to resolve the vulnerability. Refer to jQuery downloads (https://jquery.com/download/) to obtain additional details.
Patch: Following are links for downloading patches to fix the vulnerabilities:
  jQuery (https://jquery.com/download/)
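
The version check that the scanner output above describes ("This QID checks version of jquery.js file"), written out as an added example; it is not part of the original thread and is not RabbitMQ or scanner code. The function names are hypothetical and the banner strings are constructed samples in the format jQuery release files carry at the top of the file.

```javascript
// Added example: classify a jquery.js file against "jQuery before 3.0.0" (CVE-2015-9251).
// Function names are hypothetical; sample inputs are constructed, not real library code.

// Pull the version string out of the leading license banner of a jQuery file.
function extractJqueryVersion(source) {
  const head = source.slice(0, 2048); // the banner sits at the top of the file
  const m = head.match(/jQuery (?:JavaScript Library )?v(\d+\.\d+(?:\.\d+)?(?:-[0-9A-Za-z.+-]+)?)/);
  return m ? m[1] : null;
}

// Split "1.12.4" or "3.0.0-rc1" into numeric parts plus an optional pre-release tag.
function parseVersion(version) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?(?:-(.+))?$/.exec(version);
  if (!m) return null;
  return { major: +m[1], minor: +m[2], patch: +(m[3] || 0), pre: m[4] || null };
}

// Status is "affected", "not-affected", "review" (3.0.0 pre-release) or "unknown".
function classify(source) {
  const raw = extractJqueryVersion(source);
  const v = raw && parseVersion(raw);
  if (!v) return { version: raw, status: "unknown" };
  if (v.major < 3) return { version: raw, status: "affected" };
  // A 3.0.0 pre-release sorts before 3.0.0; the advisory text does not say
  // which pre-release carries the fix, so flag it for manual review.
  if (v.major === 3 && v.minor === 0 && v.patch === 0 && v.pre) {
    return { version: raw, status: "review" };
  }
  return { version: raw, status: "not-affected" };
}

// Constructed banners (first lines of a file only).
const samples = {
  minified: "/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */\n!function(){}();",
  unminified: "/*!\n * jQuery JavaScript Library v2.2.4\n * http://jquery.com/\n */\n",
  current: "/*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */\n",
  prerelease: "/*!\n * jQuery JavaScript Library v3.0.0-rc1\n */\n",
  stripped: "!function(e,t){}(window);", // banner removed by a bundler
};

for (const [name, src] of Object.entries(samples)) {
  const r = classify(src);
  console.log(`${name}: version=${r.version} status=${r.status}`);
}
```

A banner check like this reports only what the file says it is, which is the same basis the scanner finding uses; a file whose banner was stripped comes back as "unknown" and needs to be identified another way.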

Luke Bakken

Feb 22, 2024, 1:46:37 PM
to rabbitmq-users
Hello,

RabbitMQ 3.7.9 is completely out of support. Please use a supported version of RabbitMQ - https://www.rabbitmq.com/docs/versions#currently-supported

Anusha R

Feb 23, 2024, 12:23:29 AM
to rabbitmq-users
Hi Luke,

Thanks for your response!

Due to a few other dependencies, we are not upgrading RabbitMQ in my firm. Could you please guide me on how to resolve the above vulnerabilities in my current environment?

Michal Kuratczyk

Feb 23, 2024, 2:36:24 AM
to rabbitm...@googlegroups.com
If you choose to run an unsupported version, do not ask for support.

Also, if you care about security, don't run unsupported software versions.



--
Michal
RabbitMQ Team


Anusha R

Feb 26, 2024, 3:23:11 AM
to rabbitmq-users
Hi Michal,

I understood! But can I at least get answers or an update on the ask below?

When I went through a few sites, they stated that jQuery has to be upgraded. Does this task need to be done by the RabbitMQ admin or by the developers? Also, please find my current RabbitMQ version details. Can we upgrade only jQuery, or do we need to upgrade RabbitMQ and Erlang also?


Thanks in advance!

Regards,
Anoosha R