From: Alexander Moisseev Date: Sat, 9 Nov 2024 12:40:10 +0000 (+0300) Subject: [WebUI] Update RequireJS to address CVE-2024-38999 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=e87b2786467223478e7cb289780c963d2cab444e;p=rspamd.git [WebUI] Update RequireJS to address CVE-2024-38999 Upgraded RequireJS from 2.3.6 to 2.3.7 to mitigate prototype pollution vulnerability (CVE-2024-38999) in `s.contexts._.configure` function, which could allow arbitrary code execution or Denial of Service. --- diff --git a/interface/js/lib/require.min.js b/interface/js/lib/require.min.js index a4203f0d0..8ffd104c8 100644 --- a/interface/js/lib/require.min.js +++ b/interface/js/lib/require.min.js @@ -1,5 +1,5 @@ /** vim: et:ts=4:sw=4:sts=4 - * @license RequireJS 2.3.6 Copyright jQuery Foundation and other contributors. + * @license RequireJS 2.3.7 Copyright jQuery Foundation and other contributors. * Released under MIT license, https://github.com/requirejs/requirejs/blob/master/LICENSE */ -var requirejs,require,define;!function(global,setTimeout){var req,s,head,baseElement,dataMain,src,interactiveScript,currentlyAddingScript,mainScript,subPath,version="2.3.6",commentRegExp=/\/\*[\s\S]*?\*\/|([^:"'=]|^)\/\/.*$/gm,cjsRequireRegExp=/[^.]\s*require\s*\(\s*["']([^'"\s]+)["']\s*\)/g,jsSuffixRegExp=/\.js$/,currDirRegExp=/^\.\//,op=Object.prototype,ostring=op.toString,hasOwn=op.hasOwnProperty,isBrowser=!("undefined"==typeof window||"undefined"==typeof navigator||!window.document),isWebWorker=!isBrowser&&"undefined"!=typeof importScripts,readyRegExp=isBrowser&&"PLAYSTATION 3"===navigator.platform?/^complete$/:/^(complete|loaded)$/,defContextName="_",isOpera="undefined"!=typeof opera&&"[object Opera]"===opera.toString(),contexts={},cfg={},globalDefQueue=[],useInteractive=!1;function commentReplace(e,t){return t||""}function isFunction(e){return"[object Function]"===ostring.call(e)}function isArray(e){return"[object Array]"===ostring.call(e)}function each(e,t){var i;if(e)for(i=0;i