Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Jquery vulnerabilities pre 3.5.1

    Scheduled Pinned Locked Moved webGUI
    1 Posts 1 Posters 847 Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      siteunfold
      last edited by

      Hi all,

      Thanks for any help provided, its much appreciated.

      First off, I can see that Jquery was updated to 3.5.1 on branches 2.5.0, 2.5.1 and 2.5.2+ in the below commit. (which is great, thanks!)

      https://github.com/pfsense/pfsense/commit/e2e4c0d5452f36a3e468e43a78f2cc5316e34174

      Jquery 3.5.0 fixed a few security vulnerabilities as can be seen below:

      https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

      I would like to ask if anyone knows if the Pfsense webui was vulnerable to any of these security vulnerabilities in releases previous to 2.5.x? I ask this as the jquery vulnerabilities can only be taken advantage of if certain jquery functions are used in a certain way. I am not familiar enough with the Pfsense webui to work this out my self unfortunately.

      Thanks again for any discussion!

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.