[ https://issues.apache.org/jira/browse/OFBIZ-11752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aditya Sharma updated OFBIZ-11752:
----------------------------------
    Description:
{code:java}
C:\projectsASF\ofbiz-framework\framework\images\webapp\images\jquery\jquery-1.11.0.js
? jquery 1.11.0 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
C:\projectsASF\ofbiz-framework\framework\images\webapp\images\jquery\jquery-migrate-1.2.1.js
? jquery-migrate 1.2.1 has known vulnerabilities: severity: medium; bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 http://research.insecurelabs.org/jquery/test/
C:\projectsASF\ofbiz-framework\framework\images\webapp\images\jquery\jquery-1.11.0.min.js
? jquery 1.11.0.min has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
C:\projectsASF\ofbiz-framework\plugins\solr\webapp\solr\js\require.js
? jquery 1.7.1 has known vulnerabilities: severity: medium; bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
C:\projectsASF\ofbiz-framework\plugins\solr\webapp\solr\libs\angular.min.js
? angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md
C:\projectsASF\ofbiz-framework\plugins\solr\webapp\solr\libs\angular.js
? angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md
C:\projectsASF\ofbiz-framework\plugins\solr\webapp\solr\libs\jquery-2.1.3.min.js
? jquery 2.1.3.min has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
C:\projectsASF\ofbiz-framework\framework\images\webapp\images\jquery\jquery.mobile\jquery.mobile-1.4.0.js
? jquery-mobile 1.4.0 has known vulnerabilities: severity: medium; summary: open redirect leads to cross site scripting; http://sirdarckcat.blogspot.no/2017/02/unpatched-0day-jquery-mobile-xss.html
C:\projectsASF\ofbiz-framework\framework\images\webapp\images\jquery\jquery.mobile\jquery.mobile-1.4.0.min.js
? jquery-mobile 1.4.0.min has known vulnerabilities: severity: medium; summary: open redirect leads to cross site scripting; http://sirdarckcat.blogspot.no/2017/02/unpatched-0day-jquery-mobile-xss.html
C:\projectsASF\ofbiz-framework\plugins\solr\webapp\solr\js\lib\jquery-1.7.2.min.js
? jquery 1.7.2.min has known vulnerabilities: severity: medium; bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 http://research.insecurelabs.org/jquery/test/ severity:medium; issue: 2432, summary: 3rd party CORS request may execute; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
C:\projectsASF\ofbiz-framework\plugins\birt\webapp\birt\webcontent\birt\ajax\lib\prototype.js
? prototypejs 1.4.0 has known vulnerabilities: severity: high; CVE: CVE-2008-7220; http://www.cvedetails.com/cve/CVE-2008-7220/
{code}
So it's time to update again the Javascript embedded libs

  was:
1+ years ago I created the page https://cwiki.apache.org/confluence/display/OFBIZ/About+retire.js
I just checked again and here are the results
{code}
C:\projectsASF\ofbiz-framework\framework\images\webapp\images\jquery\jquery-1.11.0.js
? jquery 1.11.0 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
C:\projectsASF\ofbiz-framework\framework\images\webapp\images\jquery\jquery-migrate-1.2.1.js
? jquery-migrate 1.2.1 has known vulnerabilities: severity: medium; bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 http://research.insecurelabs.org/jquery/test/
C:\projectsASF\ofbiz-framework\framework\images\webapp\images\jquery\jquery-1.11.0.min.js
? jquery 1.11.0.min has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
C:\projectsASF\ofbiz-framework\plugins\solr\webapp\solr\js\require.js
? jquery 1.7.1 has known vulnerabilities: severity: medium; bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
C:\projectsASF\ofbiz-framework\plugins\solr\webapp\solr\libs\angular.min.js
? angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md
C:\projectsASF\ofbiz-framework\plugins\solr\webapp\solr\libs\angular.js
? angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md
C:\projectsASF\ofbiz-framework\plugins\solr\webapp\solr\libs\jquery-2.1.3.min.js
? jquery 2.1.3.min has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
C:\projectsASF\ofbiz-framework\framework\images\webapp\images\jquery\jquery.mobile\jquery.mobile-1.4.0.js
? jquery-mobile 1.4.0 has known vulnerabilities: severity: medium; summary: open redirect leads to cross site scripting; http://sirdarckcat.blogspot.no/2017/02/unpatched-0day-jquery-mobile-xss.html
C:\projectsASF\ofbiz-framework\framework\images\webapp\images\jquery\jquery.mobile\jquery.mobile-1.4.0.min.js
? jquery-mobile 1.4.0.min has known vulnerabilities: severity: medium; summary: open redirect leads to cross site scripting; http://sirdarckcat.blogspot.no/2017/02/unpatched-0day-jquery-mobile-xss.html
C:\projectsASF\ofbiz-framework\plugins\solr\webapp\solr\js\lib\jquery-1.7.2.min.js
? jquery 1.7.2.min has known vulnerabilities: severity: medium; bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 http://research.insecurelabs.org/jquery/test/ severity:medium; issue: 2432, summary: 3rd party CORS request may execute; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
C:\projectsASF\ofbiz-framework\plugins\birt\webapp\birt\webcontent\birt\ajax\lib\prototype.js
? prototypejs 1.4.0 has known vulnerabilities: severity: high; CVE: CVE-2008-7220; http://www.cvedetails.com/cve/CVE-2008-7220/
{code}
So it's time to update again the Javascript embedded libs

> CLONE - Check embedded Javascript libs vulnerabilities using retire.js
> ----------------------------------------------------------------------
>
>                 Key: OFBIZ-11752
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11752
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: ALL COMPONENTS
>    Affects Versions: Trunk
>            Reporter: Aditya Sharma
>            Assignee: Jacques Le Roux
>            Priority: Major
>              Labels: Javascript, retire.js, vulnerabilities

--
This message was sent by Atlassian Jira
(v8.3.4#803005)