jQuery is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Upstream bug: https://github.com/jquery/jquery/issues/2432
Upstream patch: https://github.com/jquery/jquery/commit/b078a62013782c7424a4a61a240c23c4c0b42614
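A simplified model of the behaviour described above and of the effect of the upstream fix, added here as an illustration (it is not jQuery's source and not part of the bug report). The function names, the example origins and the sample requests are constructed for the example.

```javascript
// Simplified model of how a response handler is chosen when the caller
// gives no dataType. Not jQuery's source; all names here are hypothetical.
const CONTENTS = {
  xml: /\bxml\b/,
  html: /\bhtml/,
  json: /\bjson\b/,
  script: /\b(?:java|ecma)script\b/,
};

function isCrossDomain(url, pageOrigin) {
  return new URL(url, pageOrigin).origin !== new URL(pageOrigin).origin;
}

// Returns the data type the response would be handled as.
// `patched` models the fix: Content-Type inference of "script" is disabled
// for cross-domain requests, so only an explicit dataType selects it.
function resolveDataType(req, contentType, pageOrigin, patched) {
  if (req.dataType) return req.dataType; // caller was explicit
  const contents = { ...CONTENTS };
  if (patched && isCrossDomain(req.url, pageOrigin)) contents.script = false;
  for (const [type, re] of Object.entries(contents)) {
    if (re && re.test(contentType)) return type;
  }
  return "text"; // nothing matched: treat the body as inert text
}

function wouldExecute(req, contentType, pageOrigin, patched) {
  return resolveDataType(req, contentType, pageOrigin, patched) === "script";
}

// Constructed samples: the page origin and request URLs are placeholders.
const PAGE = "https://app.example";
const SAMPLES = [
  { req: { url: "https://other.example/data" }, ct: "text/javascript" },
  { req: { url: "https://other.example/data", dataType: "json" }, ct: "text/javascript" },
  { req: { url: "/local/data" }, ct: "text/javascript" },
  { req: { url: "https://other.example/data" }, ct: "application/json" },
];

// One boolean per sample: would the response body be evaluated as script?
function report(patched) {
  return SAMPLES.map((s) => wouldExecute(s.req, s.ct, PAGE, patched));
}

console.log("unpatched:", report(false));
console.log("patched:  ", report(true));
```

Only the first sample changes between the two runs: a cross-domain request with no dataType stops being treated as script, while an explicit dataType was never affected and same-origin inference is unchanged.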
Created python-tw2-jquery tracking bugs for this issue: Affects: fedora-all [bug 1399551] Affects: epel-all [bug 1399552]
Created js-jquery tracking bugs for this issue: Affects: fedora-all [bug 1399549] Affects: epel-7 [bug 1399550]
Created js-jquery1 tracking bugs for this issue: Affects: fedora-all [bug 1399547] Affects: epel-7 [bug 1399548]
Created python-XStatic-jQuery tracking bugs for this issue: Affects: fedora-all [bug 1399553] Affects: epel-7 [bug 1399554]
Created rubygem-jquery-rails tracking bugs for this issue: Affects: fedora-all [bug 1399556]
wontfixing openstack p2 products
*** Bug 1591857 has been marked as a duplicate of this bug. ***
Re: pcsd concerns - comment 17
All the ajax calls in pcsd are internal, i.e. pcsd is calling itself via ajax. Therefore, I do not think the vulnerability has any security impact.
This issue has been addressed in the following products: Red Hat Fuse 6.3 Via RHSA-2020:0481 https://access.redhat.com/errata/RHSA-2020:0481
This issue has been addressed in the following products: Red Hat Data Grid 7.3.5 Via RHSA-2020:0729 https://access.redhat.com/errata/RHSA-2020:0729
This issue has been addressed in the following products: Red Hat Fuse 7.6.0 Via RHSA-2020:0983 https://access.redhat.com/errata/RHSA-2020:0983
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3936 https://access.redhat.com/errata/RHSA-2020:3936
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4670 https://access.redhat.com/errata/RHSA-2020:4670
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4847 https://access.redhat.com/errata/RHSA-2020:4847
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Via RHSA-2023:0553 https://access.redhat.com/errata/RHSA-2023:0553
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Via RHSA-2023:0552 https://access.redhat.com/errata/RHSA-2023:0552
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Via RHSA-2023:0554 https://access.redhat.com/errata/RHSA-2023:0554
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2023:0556 https://access.redhat.com/errata/RHSA-2023:0556