Exposure of Sensitive Information to an Unauthorized Actor

CVE-2007-2379

Severity Medium
Score 5.8/10

Summary

The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." The package maintainer disputes the validity of this vulnerability, hence there is no security fix. However, we considered this a potential issue that affects all the versions.
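The summary describes JSON served "without an associated protection scheme." The following added example (not code from jQuery or from this advisory) shows two commonly used server-side protections: requiring a custom request header and prefixing the response with text that is not valid JavaScript. All function names, the guard string and the sample data are assumptions constructed for illustration.

```javascript
// Added example: two server-side protections against JavaScript Hijacking.
// GUARD, the function names and the sample data are constructed for illustration.

const GUARD = ")]}',\n"; // not valid JavaScript, so a <script src> load fails to parse

// Compile-only check (nothing is executed): would this body be accepted as a script?
function parsesAsScript(body) {
  try { new Function(body); return true; } catch (e) { return false; }
}

// Server side: serialize with the guard prefix.
function guardJson(data) {
  return GUARD + JSON.stringify(data);
}

// Client side (the application's own XHR code): strip the guard, then parse.
function parseGuarded(text) {
  if (!text.startsWith(GUARD)) throw new Error("missing JSON guard prefix");
  return JSON.parse(text.slice(GUARD.length));
}

// Server side: answer only requests that carry a custom header. A SCRIPT element
// cannot set request headers; jQuery's same-origin $.ajax calls send this one.
function handleJsonRequest(req, data) {
  const headers = Object.fromEntries(
    Object.entries(req.headers || {}).map(([k, v]) => [k.toLowerCase(), v]));
  if (headers["x-requested-with"] !== "XMLHttpRequest") {
    return { status: 403, headers: { "Content-Type": "text/plain" }, body: "Forbidden" };
  }
  return {
    status: 200,
    headers: { "Content-Type": "application/json; charset=utf-8",
               "X-Content-Type-Options": "nosniff" },
    body: guardJson(data),
  };
}

// Constructed sample data and requests.
const contacts = [{ name: "Alice", email: "alice@example.test" }];
const fromScriptTag = { method: "GET", headers: { Referer: "https://other.example/" } };
const fromAppXhr = { method: "GET", headers: { "X-Requested-With": "XMLHttpRequest" } };

console.log("bare array parses as script:", parsesAsScript(JSON.stringify(contacts)));
console.log("guarded body parses as script:", parsesAsScript(guardJson(contacts)));
console.log("script-tag style request:", handleJsonRequest(fromScriptTag, contacts).status);
console.log("app XHR:", parseGuarded(handleJsonRequest(fromAppXhr, contacts).body));
```

A top-level JSON array is a valid script on its own, which is why the bare response is the exposed case; the guard turns the same payload into a syntax error for any script-element load while the application's own client strips it before parsing.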

  • LOW
  • NETWORK
  • NONE
  • CHANGED
  • NONE
  • NONE
  • LOW
  • NONE

CWE-200 - Information Exposure

An information exposure vulnerability is categorized as an information flow (IF) weakness, which can potentially allow unauthorized access to otherwise classified information in the application, such as confidential personal information (demographics, financials, health records, etc.), business secrets, and the application's internal environment.
