Bug 1591840 (CVE-2012-6708)

Summary: CVE-2012-6708 js-jquery: XSS via improper selector detection
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aboyko, ahenning, alazarot, amackenz, amasferr, amctagga, anstephe, apevec, bcourt, bkearney, cbillett, chazlett, chrisw, cmacedo, cpelland, ctubbsii, dajohnso, dffrench, drieden, drusso, emingora, etirelli, fche, gblomqui, gmccullo, gtanzill, hhorak, hhudgeon, ibek, ipa-maint, jaruga, jhardy, jjoyce, jmadigan, jorton, jprause, jrokos, jschluet, jshepherd, jstastny, krathod, kverlaen, lberk, lgriffin, lhh, lpeer, markmc, maschmid, mburns, mgoodwin, mkudlej, mmccune, mnovotny, mrunge, nathans, ngough, nobody, ohadlevy, pcp-maint, pjindal, pskopek, puiterwijk, pvalena, pvoborni, pwright, python-maint, rbean, rbryant, rchan, rcritten, rdopiera, rguimara, rhcs-maint, rjerrido, roliveri, rrajasek, ruby-maint, sclewis, sguilhen, simaishi, slinaber, strzibny, tdecacqu, tjochec, tomckay, trepel, tscherf, tzimanyi, vondruch, yozone
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: js-jquery 1.9.0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-21 19:53:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1591841, 1591842, 1591843, 1591844, 1591845, 1591846, 1591847, 1591848, 1591849, 1591850, 1591851, 1610362, 1610363, 1610364, 1610365, 1610366, 1610367, 1610368, 1610369, 1610370    
Bug Blocks: 1591852, 2014197    

Description Pedro Sampaio 2018-06-15 17:14:55 UTC 
Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as selectors when given certain inputs, allowing for client side code execution.

References:

https://bugs.jquery.com/ticket/11290
https://bugs.jquery.com/ticket/12531
https://bugs.jquery.com/ticket/6429
https://bugs.jquery.com/ticket/9521
https://nodesecurity.io/advisories/329
Comment 1 Pedro Sampaio 2018-06-15 17:16:44 UTC 
Created js-jquery tracking bugs for this issue:

Affects: fedora-all [bug 1591846]


Created js-jquery1 tracking bugs for this issue:

Affects: fedora-all [bug 1591842]


Created js-jquery2 tracking bugs for this issue:

Affects: fedora-all [bug 1591844]


Created python-XStatic-jQuery tracking bugs for this issue:

Affects: epel-7 [bug 1591849]
Affects: fedora-all [bug 1591841]


Created python-tw2-jquery tracking bugs for this issue:

Affects: epel-all [bug 1591845]
Affects: fedora-all [bug 1591843]


Created rubygem-jquery-rails tracking bugs for this issue:

Affects: fedora-all [bug 1591847]
Comment 3 James Hebden 2018-06-20 08:14:01 UTC 
Marking OpenStack not affected, due to the packaged version being at least 1.10.1 across all releases. Per the advisory, the patch is present in 1.9.0+
Comment 4 Cedric Buissart 2018-07-13 10:53:27 UTC 
Renamed from CVE-2017-16011 to CVE-2012-6708 (see https://nvd.nist.gov/vuln/detail/CVE-2017-16011)
Comment 5 Cedric Buissart 2018-07-13 11:00:04 UTC 
External References:

https://snyk.io/vuln/npm:jquery:20120206
Comment 6 Cedric Buissart 2018-07-13 11:49:53 UTC 
Upstream fix:
https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d