ZSA-2020-04
jQuery vulnerability
Problem
jQuery is a third-party JavaScript library that is executed in the client's browser. OTRS Community Edition uses jQuery for all of its available frontends (agent, customer and public).
The jQuery versions used by OTRS Community Edition prior to 6.0.26 are vulnerable to "prototype pollution". For details see here: https://snyk.io/test/npm/jquery/3.2.1
Solution
Upgrade to the latest available OTRS patch level (https://ftp.otrs.org/pub/otrs/).
ATTENTION: Please check whether you have any OTRS add-ons installed. If so, they might contain customized OTRS framework files which need to be updated first. In that case, please contact us instead.
Workaround
There is no workaround. Please follow the instructions under "Solution" above.