CVE-2007-2379

Description

The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

How to fix CVE-2007-2379

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Debian/jquery—no fix listed

Is CVE-2007-2379 being exploited?

Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0

References (3)

• ADVISORYsecurity.netapp.com/advisory/ntap-20190416-0007/
• WEBosvdb.org/43320
• WEBwww.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf