Your submission was sent successfully! Close

CVE-2022-23395

Published: 2 March 2022

jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS).

Priority

Low

CVSS 3 base score: 6.1

Status

Package Release Status
jquery-goodies
Launchpad, Ubuntu, Debian
bionic Not vulnerable

focal Not vulnerable

impish Not vulnerable

jammy Not vulnerable

trusty Not vulnerable

upstream Needs triage

xenial Not vulnerable

Notes

AuthorNote
amurray
The Debian chromium source package is called chromium-browser in
Ubuntu
mdeslaur
starting with Ubuntu 19.10, the chromium-browser package is just
a script that installs the Chromium snap
no indication chromium-browser is vulnerable to this issue
per the js-cookie bug, it is not vulnerable to this issue

References