Created
September 23, 2019 13:01
Jnchi created this gist Sep 23, 2019.
# WordPress and jQuery

WordPress v5.2.2 ships with a patched version of jQuery v1.12.4, with backports from 3.4.0; however, it is difficult to verify that the fixes have been applied.

Two flaws found for jQuery v1.12.4 via Snyk:

- [Prototype Pollution](https://snyk.io/vuln/SNYK-JS-JQUERY-174006)
  Commit: https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
- [Cross-site Scripting (XSS)](https://snyk.io/vuln/npm:jquery:20150627)
  Commit: https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc?diff=unified

Download WordPress 5.2.2 and decompress,
URL: file:///wordpress-5.2.2/wordpress/wp-includes/js/jquery/jquery.js

1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df *wordpress-5.2.2/wordpress/wp-includes/js/jquery/jquery.js

Commit: https://github.com/WordPress/WordPress/blob/80aee4ae87343ea3990314c453793d334beb8ebb/wp-includes/js/jquery/jquery.js

```js
/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license | WordPress 2019-05-16 */
```

Download jQuery 1.12.4,
URL: https://code.jquery.com/jquery-1.12.4.min.js

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404 *jquery-1.12.4.min.js

```js
/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */
```

Resources:

- https://wordpress.org/download/releases
- https://snyk.io/vuln/npm:jquery@1.12.4
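The differing hashes only show that the two files differ, not that the backports are present. One way to check the prototype-pollution fix behaviourally is sketched below as an added example; it is not part of the original gist and is not jQuery or WordPress code. `extendPollutes` and `makeDeepExtend` are hypothetical names, and the two stand-in extend functions are constructed to model a deep extend with and without a `__proto__` guard.

```js
"use strict";

// Returns true if a deep extend with a "__proto__" key reaches
// Object.prototype. `extend` must accept (deep, target, source),
// the same call shape as jQuery.extend(true, {}, obj).
function extendPollutes(extend) {
  const marker = "__probe_" + Date.now(); // constructed probe key
  // JSON.parse creates "__proto__" as an own, enumerable property.
  const input = JSON.parse('{"__proto__": {"' + marker + '": true}}');
  try {
    extend(true, {}, input);
    // A fresh object only sees the marker if Object.prototype changed.
    return ({})[marker] === true;
  } finally {
    delete Object.prototype[marker]; // always undo the probe
  }
}

// Constructed stand-ins for a recursive merge (NOT jQuery's source).
// skipProto = true models a build that ignores the "__proto__" key.
function makeDeepExtend(skipProto) {
  return function extend(deep, target, source) {
    for (const name in source) {
      if (skipProto && name === "__proto__") continue; // the guard
      const copy = source[name];
      if (deep && copy && typeof copy === "object") {
        const src = target[name];
        const clone = src && typeof src === "object" ? src : {};
        target[name] = extend(deep, clone, copy);
      } else if (copy !== undefined) {
        target[name] = copy;
      }
    }
    return target;
  };
}

function demo() {
  return {
    unguarded: extendPollutes(makeDeepExtend(false)), // true
    guarded: extendPollutes(makeDeepExtend(true)),    // false
  };
}
```

With the WordPress-bundled `jquery.js` loaded on a test page, `extendPollutes(jQuery.extend)` applies the same probe to the copy actually being served.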