Hi @everyone, I am using jQuery, jQuery UI and jQuery easing for my project, and use them via NPM (package.json).
During a vulnerability scan, jQuery UI / jQuery easing were flagged as a vulnerability, and the security team recommended removing jQuery UI & jQuery easing or writing a wrapper for jQuery UI & jQuery.easing.
I need a workaround to remove the reference to jQuery easing from the jQuery lib source code, or else a wrapper for jQuery easing.
Vulnerability description provided by our AppSec team:
Recommended Version(s): 1.14.0-beta.1
Explanation: The `requirejs` package is vulnerable to Prototype Pollution. The `configure()` function of the `require.js` and `r.js` files insufficiently restricts accessors such as `__proto__` or `constructor` that could be abused to override the prototyped properties of JavaScript objects. A remote attacker can exploit this vulnerability by submitting a malicious JSON payload to any affected endpoint. Depending on how the polluted object is used throughout the affected application, this may result in data corruption, a Denial of Service (DoS) condition, Remote Code Execution (RCE), or other unexpected application behaviors.
Detection: The application is vulnerable by using this component.
Recommendation: There is no non-vulnerable upgrade path for this component/package. We recommend investigating alternative components or a potential mitigating control.
Threat Vectors: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Thanks in advance! Expecting helping hands.
Regards,
Gopi
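
The mechanism named in the quoted explanation, shown as an added example that is not part of the original post and is not RequireJS code: a naive recursive config merge beside a hardened one that skips `__proto__`, `constructor` and `prototype`. The function names and the sample payload are constructed for illustration.

```javascript
// Added illustration of the flaw class; NOT code from require.js or r.js. Names are hypothetical.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

const isPlainObject = (v) =>
  v !== null && typeof v === "object" && !Array.isArray(v);

// Naive merge: walks into any key, so a nested write can land on Object.prototype.
function unsafeMerge(target, source) {
  for (const key in source) {
    if (isPlainObject(source[key]) && isPlainObject(target[key])) {
      unsafeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened merge: own keys only, blocked accessors skipped, recursion only into owned objects.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      const base = own && isPlainObject(target[key]) ? target[key] : {};
      target[key] = safeMerge(base, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

function demo() {
  // Constructed input: a parsed JSON body carrying a "__proto__" key.
  const payload = JSON.parse('{"paths":{"app":"/js"},"__proto__":{"polluted":true}}');
  const out = {};
  try {
    unsafeMerge({}, payload);
    out.unsafePolluted = ({}).polluted === true; // unrelated objects now inherit it
  } finally {
    delete Object.prototype.polluted; // undo the global side effect
  }
  out.config = safeMerge({ paths: { lib: "/vendor" } }, payload);
  out.safePolluted = ({}).polluted === true;
  return out;
}
```

Freezing `Object.prototype` at startup or building config objects with `Object.create(null)` are complementary controls when the merging code itself cannot be changed.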