On my OWASP ZAP scans of our app (which uses asp.ajax controls 2021.3), I get the following warning (see below).
Could you please advise whether there are any plans to update the embedded jQuery library to the latest?

Medium (Medium) | Vulnerable JS Library |
---|---|
Description | The identified library jquery, version 1.12.4 is vulnerable. |
URL | https://test.xxxxx.com/Telerik.Web.UI.WebResource.axd?_TSM_CombinedScripts_=%3B%3BSystem.Web.Extensions%2C%20Version%3D4.0.0.0%2C%20Culture%3Dneutral%2C%20PublicKeyToken%3D31bf3856ad364e35%3Aen-GB%3Aba1d5018-bf9d-4762-82f6-06087a49b5f6%3Aea597d4b%3Ab25378d2%3BTelerik.Web.UI%2C%20Version%3D2021.3.914.45%2C%20Culture%3Dneutral%2C%20PublicKeyToken%3D121fae78165ba3d4%3Aen-GB%3Abd4f5d20-e2f4-41b1-99ef-02ee4a064af0%3A16e4e7cd%3Af7645509%3Aed16cbdc%3A88144a7a%3A33715776%3A24ee1bba%3A6d43f6d9%3Ac128760b%3A874f8ea2%3A19620875%3Ac172ae1e%3Af46195d3%3A9cdfc6e7%3Ae330518b%3A2003d0b8%3A1e771326%3Ac8618e41%3Ae4f8f289%3A1a73651d%3A16d8629e&_TSM_HiddenField_=RadScriptManager1_TSM&compress=1 |
Method | GET |
Evidence | /*! jQuery v1.12.4 |
Instances | 1 |
Solution | Please upgrade to the latest version of jquery. |
Other information | CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 |
Reference | https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ http://research.insecurelabs.org/jquery/test/ https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b https://bugs.jquery.com/ticket/11974 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ |
CWE Id | 829 |
Source ID | 3 |