Dears,
After executing a security test, some vulnerabilities have been found due to outdated JavaScript libraries. I don't know the usage of these libraries so I would like to know if you plan to update them (or if it can be planned)?
Here are the details:
1) File www/include/common/javascript/jquery/jquery-ui.js includes a vulnerable version of the library "jquery-ui-dialog"
The library jquery-ui-dialog version 1.8.14 has known security issues.
For more information, visit those websites:
- https://github.com/jquery/api.jqueryui.com/issues/281
- https://snyk.io/vuln/npm:jquery-ui:20160721
Affected versions
The vulnerability is affecting all versions prior to 1.12.0 (between * and 1.12.0)
Other considerations
The vulnerability might be affecting a feature of the library that the website is not using.
The library name and its version are identified based on a Retire.js signature. If the library identification is not correct, the prior vulnerability does not apply.
The library jquery version 1.7.2 has known security issues.
For more information, visit those websites:
- https://github.com/jquery/jquery/issues/2432
- http://blog.jquery.com/2016/01/08/jq...1-12-released/
Affected versions
The vulnerability is affecting all versions prior to 1.12.0 (between 1.4.0 and 1.12.0)
Other considerations
The vulnerability might be affecting a feature of the library that the website is not using.
The library name and its version are identified based on a Retire.js signature. If the library identification is not correct, the prior vulnerability does not apply.