• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Jquery vulnerabilities pre 3.5.1

Scheduled Pinned Locked Moved webGUI
1 Posts 1 Posters 732 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    siteunfold
    last edited by Sep 16, 2021, 4:07 PM

    Hi all,

    Thanks for any help provided, its much appreciated.

    First off, I can see that Jquery was updated to 3.5.1 on branches 2.5.0, 2.5.1 and 2.5.2+ in the below commit. (which is great, thanks!)

    https://github.com/pfsense/pfsense/commit/e2e4c0d5452f36a3e468e43a78f2cc5316e34174

    Jquery 3.5.0 fixed a few security vulnerabilities as can be seen below:

    https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

    I would like to ask if anyone knows if the Pfsense webui was vulnerable to any of these security vulnerabilities in releases previous to 2.5.x? I ask this as the jquery vulnerabilities can only be taken advantage of if certain jquery functions are used in a certain way. I am not familiar enough with the Pfsense webui to work this out my self unfortunately.

    Thanks again for any discussion!

    1 Reply Last reply Reply Quote 0
    1 out of 1
    • First post
      1/1
      Last post
    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
      This community forum collects and processes your personal information.
      consent.not_received