Merge pull request #4982 from github/Rudloff-GHSA-6c3j-c64m-qhgq

advisory-database[bot] · web-flow · commit dd3516fb13a9 · 2024-11-05T20:16:56.000Z
diff --git a/advisories/github-reviewed/2019/04/GHSA-6c3j-c64m-qhgq/GHSA-6c3j-c64m-qhgq.json b/advisories/github-reviewed/2019/04/GHSA-6c3j-c64m-qhgq/GHSA-6c3j-c64m-qhgq.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6c3j-c64m-qhgq",
-  "modified": "2024-04-22T19:44:42Z",
+  "modified": "2024-04-22T19:44:44Z",
   "published": "2019-04-26T16:29:11Z",
   "aliases": [
     "CVE-2019-11358"
@@ -17,94 +17,94 @@
   "affected": [
     {
       "package": {
-        "ecosystem": "npm",
-        "name": "jquery"
+        "ecosystem": "RubyGems",
+        "name": "jquery-rails"
       },
       "ranges": [
         {
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "1.1.4"
+              "introduced": "0"
             },
             {
-              "fixed": "3.4.0"
+              "fixed": "4.3.4"
             }
           ]
         }
       ]
     },
     {
       "package": {
-        "ecosystem": "RubyGems",
-        "name": "jquery-rails"
+        "ecosystem": "PyPI",
+        "name": "django"
       },
       "ranges": [
         {
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "2.0a1"
             },
             {
-              "fixed": "4.3.4"
+              "fixed": "2.1.9"
             }
           ]
         }
       ]
     },
     {
       "package": {
-        "ecosystem": "NuGet",
-        "name": "jQuery"
+        "ecosystem": "PyPI",
+        "name": "django"
       },
       "ranges": [
         {
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "1.1.4"
+              "introduced": "2.2a1"
             },
             {
-              "fixed": "3.4.0"
+              "fixed": "2.2.2"
             }
           ]
         }
       ]
     },
     {
       "package": {
-        "ecosystem": "PyPI",
-        "name": "django"
+        "ecosystem": "npm",
+        "name": "jquery"
       },
       "ranges": [
         {
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "2.0a1"
+              "introduced": "1.1.4"
             },
             {
-              "fixed": "2.1.9"
+              "fixed": "3.4.0"
             }
           ]
         }
       ]
     },
     {
       "package": {
-        "ecosystem": "PyPI",
-        "name": "django"
+        "ecosystem": "NuGet",
+        "name": "jQuery"
       },
       "ranges": [
         {
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "2.2a1"
+              "introduced": "1.1.4"
             },
             {
-              "fixed": "2.2.2"
+              "fixed": "3.4.0"
             }
           ]
         }
@@ -128,6 +128,25 @@
           ]
         }
       ]
+    },
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "maximebf/debugbar"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.19.0"
+            }
+          ]
+        }
+      ]
     }
   ],
   "references": [
@@ -155,10 +174,6 @@
       "type": "WEB",
       "url": "https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad"
     },
-    {
-      "type": "WEB",
-      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5"
-    },
     {
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA"
@@ -195,10 +210,18 @@
       "type": "WEB",
       "url": "https://seclists.org/bugtraq/2019/May/18"
     },
+    {
+      "type": "WEB",
+      "url": "https://security.netapp.com/advisory/ntap-20190919-0001"
+    },
     {
       "type": "WEB",
       "url": "https://www.tenable.com/security/tns-2020-02"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5"
+    },
     {
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F"
@@ -243,10 +266,6 @@
       "type": "WEB",
       "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
     },
-    {
-      "type": "WEB",
-      "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E"
-    },
     {
       "type": "WEB",
       "url": "https://www.tenable.com/security/tns-2019-08"
@@ -331,13 +350,17 @@
       "type": "WEB",
       "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
     },
+    {
+      "type": "WEB",
+      "url": "https://security.snyk.io/vuln/SNYK-PHP-MAXIMEBFDEBUGBAR-8340632"
+    },
     {
       "type": "WEB",
       "url": "https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226"
     },
     {
       "type": "WEB",
-      "url": "https://security.netapp.com/advisory/ntap-20190919-0001"
+      "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E"
     },
     {
       "type": "WEB",

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-6c3j-c64m-qhgq",`
`4`		`- "modified": "2024-04-22T19:44:42Z",`
	`4`	`+ "modified": "2024-04-22T19:44:44Z",`
`5`	`5`	`"published": "2019-04-26T16:29:11Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2019-11358"`
`@@ -17,94 +17,94 @@`
`17`	`17`	`"affected": [`
`18`	`18`	`{`
`19`	`19`	`"package": {`
`20`		`- "ecosystem": "npm",`
`21`		`- "name": "jquery"`
	`20`	`+ "ecosystem": "RubyGems",`
	`21`	`+ "name": "jquery-rails"`
`22`	`22`	`},`
`23`	`23`	`"ranges": [`
`24`	`24`	`{`
`25`	`25`	`"type": "ECOSYSTEM",`
`26`	`26`	`"events": [`
`27`	`27`	`{`
`28`		`- "introduced": "1.1.4"`
	`28`	`+ "introduced": "0"`
`29`	`29`	`},`
`30`	`30`	`{`
`31`		`- "fixed": "3.4.0"`
	`31`	`+ "fixed": "4.3.4"`
`32`	`32`	`}`
`33`	`33`	`]`
`34`	`34`	`}`
`35`	`35`	`]`
`36`	`36`	`},`
`37`	`37`	`{`
`38`	`38`	`"package": {`
`39`		`- "ecosystem": "RubyGems",`
`40`		`- "name": "jquery-rails"`
	`39`	`+ "ecosystem": "PyPI",`
	`40`	`+ "name": "django"`
`41`	`41`	`},`
`42`	`42`	`"ranges": [`
`43`	`43`	`{`
`44`	`44`	`"type": "ECOSYSTEM",`
`45`	`45`	`"events": [`
`46`	`46`	`{`
`47`		`- "introduced": "0"`
	`47`	`+ "introduced": "2.0a1"`
`48`	`48`	`},`
`49`	`49`	`{`
`50`		`- "fixed": "4.3.4"`
	`50`	`+ "fixed": "2.1.9"`
`51`	`51`	`}`
`52`	`52`	`]`
`53`	`53`	`}`
`54`	`54`	`]`
`55`	`55`	`},`
`56`	`56`	`{`
`57`	`57`	`"package": {`
`58`		`- "ecosystem": "NuGet",`
`59`		`- "name": "jQuery"`
	`58`	`+ "ecosystem": "PyPI",`
	`59`	`+ "name": "django"`
`60`	`60`	`},`
`61`	`61`	`"ranges": [`
`62`	`62`	`{`
`63`	`63`	`"type": "ECOSYSTEM",`
`64`	`64`	`"events": [`
`65`	`65`	`{`
`66`		`- "introduced": "1.1.4"`
	`66`	`+ "introduced": "2.2a1"`
`67`	`67`	`},`
`68`	`68`	`{`
`69`		`- "fixed": "3.4.0"`
	`69`	`+ "fixed": "2.2.2"`
`70`	`70`	`}`
`71`	`71`	`]`
`72`	`72`	`}`
`73`	`73`	`]`
`74`	`74`	`},`
`75`	`75`	`{`
`76`	`76`	`"package": {`
`77`		`- "ecosystem": "PyPI",`
`78`		`- "name": "django"`
	`77`	`+ "ecosystem": "npm",`
	`78`	`+ "name": "jquery"`
`79`	`79`	`},`
`80`	`80`	`"ranges": [`
`81`	`81`	`{`
`82`	`82`	`"type": "ECOSYSTEM",`
`83`	`83`	`"events": [`
`84`	`84`	`{`
`85`		`- "introduced": "2.0a1"`
	`85`	`+ "introduced": "1.1.4"`
`86`	`86`	`},`
`87`	`87`	`{`
`88`		`- "fixed": "2.1.9"`
	`88`	`+ "fixed": "3.4.0"`
`89`	`89`	`}`
`90`	`90`	`]`
`91`	`91`	`}`
`92`	`92`	`]`
`93`	`93`	`},`
`94`	`94`	`{`
`95`	`95`	`"package": {`
`96`		`- "ecosystem": "PyPI",`
`97`		`- "name": "django"`
	`96`	`+ "ecosystem": "NuGet",`
	`97`	`+ "name": "jQuery"`
`98`	`98`	`},`
`99`	`99`	`"ranges": [`
`100`	`100`	`{`
`101`	`101`	`"type": "ECOSYSTEM",`
`102`	`102`	`"events": [`
`103`	`103`	`{`
`104`		`- "introduced": "2.2a1"`
	`104`	`+ "introduced": "1.1.4"`
`105`	`105`	`},`
`106`	`106`	`{`
`107`		`- "fixed": "2.2.2"`
	`107`	`+ "fixed": "3.4.0"`
`108`	`108`	`}`
`109`	`109`	`]`
`110`	`110`	`}`
`@@ -128,6 +128,25 @@`
`128`	`128`	`]`
`129`	`129`	`}`
`130`	`130`	`]`
	`131`	`+ },`
	`132`	`+ {`
	`133`	`+ "package": {`
	`134`	`+ "ecosystem": "Packagist",`
	`135`	`+ "name": "maximebf/debugbar"`
	`136`	`+ },`
	`137`	`+ "ranges": [`
	`138`	`+ {`
	`139`	`+ "type": "ECOSYSTEM",`
	`140`	`+ "events": [`
	`141`	`+ {`
	`142`	`+ "introduced": "0"`
	`143`	`+ },`
	`144`	`+ {`
	`145`	`+ "fixed": "1.19.0"`
	`146`	`+ }`
	`147`	`+ ]`
	`148`	`+ }`
	`149`	`+ ]`
`131`	`150`	`}`
`132`	`151`	`],`
`133`	`152`	`"references": [`
`@@ -155,10 +174,6 @@`
`155`	`174`	`"type": "WEB",`
`156`	`175`	`"url": "https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad"`
`157`	`176`	`},`
`158`		`- {`
`159`		`- "type": "WEB",`
`160`		`- "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5"`
`161`		`- },`
`162`	`177`	`{`
`163`	`178`	`"type": "WEB",`
`164`	`179`	`"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA"`
`@@ -195,10 +210,18 @@`
`195`	`210`	`"type": "WEB",`
`196`	`211`	`"url": "https://seclists.org/bugtraq/2019/May/18"`
`197`	`212`	`},`
	`213`	`+ {`
	`214`	`+ "type": "WEB",`
	`215`	`+ "url": "https://security.netapp.com/advisory/ntap-20190919-0001"`
	`216`	`+ },`
`198`	`217`	`{`
`199`	`218`	`"type": "WEB",`
`200`	`219`	`"url": "https://www.tenable.com/security/tns-2020-02"`
`201`	`220`	`},`
	`221`	`+ {`
	`222`	`+ "type": "WEB",`
	`223`	`+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5"`
	`224`	`+ },`
`202`	`225`	`{`
`203`	`226`	`"type": "WEB",`
`204`	`227`	`"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F"`
`@@ -243,10 +266,6 @@`
`243`	`266`	`"type": "WEB",`
`244`	`267`	`"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"`
`245`	`268`	`},`
`246`		`- {`
`247`		`- "type": "WEB",`
`248`		`- "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E"`
`249`		`- },`
`250`	`269`	`{`
`251`	`270`	`"type": "WEB",`
`252`	`271`	`"url": "https://www.tenable.com/security/tns-2019-08"`
`@@ -331,13 +350,17 @@`
`331`	`350`	`"type": "WEB",`
`332`	`351`	`"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"`
`333`	`352`	`},`
	`353`	`+ {`
	`354`	`+ "type": "WEB",`
	`355`	`+ "url": "https://security.snyk.io/vuln/SNYK-PHP-MAXIMEBFDEBUGBAR-8340632"`
	`356`	`+ },`
`334`	`357`	`{`
`335`	`358`	`"type": "WEB",`
`336`	`359`	`"url": "https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226"`
`337`	`360`	`},`
`338`	`361`	`{`
`339`	`362`	`"type": "WEB",`
`340`		`- "url": "https://security.netapp.com/advisory/ntap-20190919-0001"`
	`363`	`+ "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E"`
`341`	`364`	`},`
`342`	`365`	`{`
`343`	`366`	`"type": "WEB",`