GHSA-89ch-hqf9-rgp3

GitHub Security Advisory

Using JS libraries with known security vulnerabilities

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3. The Magento 2 codebase used outdated versions of JS libraries (Bootstrap, jQuery, Knockout) with known security vulnerabilities.

Affected Packages

Packagist magento/community-edition
Affected versions: 2.2 (fixed in 2.2.10)
Packagist magento/community-edition
Affected versions: 2.3 (fixed in 2.3.3)
Packagist magento/product-community-edition
Affected versions: 2.2 (fixed in 2.2.10)
Packagist magento/product-community-edition
Affected versions: 2.3 (fixed in 2.3.2-p2)

Related CVEs

Key Information

GHSA ID: GHSA-89ch-hqf9-rgp3
Published: November 12, 2019 10:59 PM
Last Modified: November 15, 2019 8:11 PM
CVSS Score: 7.5/10
Primary Ecosystem: Packagist
Primary Package: magento/community-edition
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 1, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.