0026357: Vulnerability from library JQuery 2.2.4

ID	Project	Category	View Status	Date Submitted	Last Update
0026357	mantisbt	security	public	2019-11-15 03:00	2025-04-13 11:40

Reporter	jcamara	Assigned To
Priority	normal	Severity	minor	Reproducibility	N/A
Status	acknowledged	Resolution	open
Product Version	2.22.0

Summary	0026357: Vulnerability from library JQuery 2.2.4
Description	Our security department reports a pair of known vulnerabilities related with JQuery 2.2.4: https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/version_id-286394/Jquery-Jquery-2.2.4.html The suggestion is promoting JQuery version as far as possible.
Tags	No tags attached.

related to	0021214	closed	community	Update jQuery to 2.2.4
has duplicate	0026384	closed	dregad	Outdated jquery and bootstrap copies with known vulnerabilities
has duplicate	0029305	closed	dregad	Vulnerability in JQuery 2.2.4 Library
has duplicate	0029742	closed	atrol	Multiple vulnerabilities in jquery
has duplicate	0032727	closed	dregad	jQuery XSS Vulnerability
has duplicate	0034416	closed	dregad	NESSUS reports vuln for jquery and typahead
has duplicate	0034507	closed	atrol	dependencies out of support with vulnerabilities
has duplicate	0035126	acknowledged		Upgrade Bootstrap to a supported version to fix security vulnerabilities

dregad 2019-11-15 03:20 developer ~0063096	Thanks for the report. Unfortunately, we are currently on the latest jQuery 2.x release, which is no longer receiving patches. Upgrading to 3.x is not a small undertaking, considering the number of breaking changes, and would require extensinve testing to ensure full compatibility; sadly we do not have the bandwidth for taking this on at the moment. Contributions are welcome.

Pranali Parate 2025-04-13 11:40 reporter ~0070141	I am also facing same issue