Description
An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities.
Remediation
References
Related Vulnerabilities
Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-39112)
WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.36)
Jolokia Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-0168)
WordPress Plugin WPML (WordPress Multilingual) Multiple Vulnerabilities (3.1.8.6)