Vulnerable Javascript library


אייל זילברבלום

Dec 3, 2014, 8:03:53 AM
to reviewb...@googlegroups.com

Hello,

I got the following report, and I wonder whether there is something that can be done to fix the issue.

Alert details

Vulnerable Javascript library

Severity: High
Type: Configuration
Reported by module: Scripting (Javascript_Libraries_Audit.script)

Description

You are using a vulnerable Javascript library. One or more vulnerabilities were reported for this version of the Javascript library. Consult Attack details and Web References for more information about the affected library and the vulnerabilities that were reported.

Impact

Consult Web References for more information.

Recommendation

Upgrade to the latest version.

References

http://bugs.jqueryui.com/ticket/6016

Affected items

/static/lib/js/jquery-ui-1.8.24.custom.min.f6148fb67d77.js

Details

Detected Javascript library jquery-ui-dialog version 1.8.24.
The version was detected from file content.

Request headers

GET /static/lib/js/jquery-ui-1.8.24.custom.min.f6148fb67d77.js HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://my-web-site/account/login/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: csrftoken=5mwG4u2ePpa8qqhg6rqr1muTDgLPSiT4
Host: rb.waves.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Acunetix-Product: WVS/9.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*

David Trowbridge

Dec 3, 2014, 7:06:57 PM
to reviewb...@googlegroups.com
Looking at the referenced bug, this "vulnerability" isn't really a vulnerability at all, but rather just that it's possible to create XSS problems when using certain APIs. We happen to use those APIs correctly, so there's no issue.

-David
