[Med] Snyk: Prototype Pollution (due 6/10/19) #439

rjayasekera · 2019-04-11T13:54:31Z

https://app.snyk.io/vuln/SNYK-JS-JQUERY-174006

Overview
jquery is a JavaScript library. It makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers.

Affected versions of this package are vulnerable to Prototype Pollution. The extend function can be tricked into modifying the prototype of Object when the attacker controls part of the structure passed to this function. This can let an attacker add or modify an existing property that will then exist on all objects.

Vulnerable module: jquery
Introduced through: jquery@3.2.1

Remediation
~~A fix was pushed into the master branch but not yet published.~~
Upgrade jquery to version 3.4.0 or higher. [edit: 6/17/19]

jason-upchurch · 2019-05-17T16:21:53Z

Ran CLI snyk test --file=package.json and saw no warning. Opened issue with snyk: https://github.com/snyk/snyk/issues/524

rjayasekera added the Needs refinement label Apr 11, 2019

rjayasekera added this to the Sprint 8.6 milestone Apr 11, 2019

rjayasekera mentioned this issue Apr 11, 2019

Check logs sprint 8.5 week 2 fecgov/openFEC#3653

Closed

pkfec changed the title ~~Prototype Pollution -- MEDIUM SEVERITY (from check logs~~ [ MEDIUM]Prototype Pollution fix by 20190610 Apr 11, 2019

pkfec modified the milestones: Sprint 8.6, Sprint 8.7 Apr 11, 2019

fecjjeng mentioned this issue Apr 17, 2019

Check logs sprint 8.6 week 1 fecgov/openFEC#3691

Closed

jason-upchurch modified the milestones: Sprint 8.7, PI 9 Apr 24, 2019

jason-upchurch mentioned this issue Apr 24, 2019

Check logs sprint 8.6 week 2 fecgov/openFEC#3692

Closed

hcaofec mentioned this issue May 1, 2019

Check logs sprint 8.7 week 1 fecgov/openFEC#3720

Closed

fec-jli mentioned this issue May 8, 2019

Check logs sprint 8.7 week 2 fecgov/openFEC#3721

Closed

PaulClark2 modified the milestones: PI 9 (placeholder), Sprint 9.1 May 15, 2019

jason-upchurch changed the title ~~[ MEDIUM]Prototype Pollution fix by 20190610~~ [Med] Snyk: Prototype Pollution (due 6/10/19) May 16, 2019

jason-upchurch added the Security: moderate Remediate within 60 days label May 16, 2019

jason-upchurch mentioned this issue May 16, 2019

Check logs PI planning week fecgov/openFEC#3766

Closed

AmyKort removed the Needs refinement label May 16, 2019

jason-upchurch self-assigned this May 17, 2019

jason-upchurch closed this as completed May 20, 2019

This was referenced May 23, 2019

Check logs sprint 9.1 week 1 fecgov/openFEC#3773

Closed

Check logs sprint 9.1 week 2 fecgov/openFEC#3774

Closed

fec-jli mentioned this issue Jun 5, 2019

Check logs sprint 9.2 week 1 fecgov/openFEC#3794

Closed

This was referenced Jun 13, 2019

Check logs sprint 9.2 week 2 fecgov/openFEC#3795

Closed

Check logs sprint 9.3 week 1 fecgov/openFEC#3820

Closed

hcaofec mentioned this issue Jun 26, 2019

Check logs sprint 9.3 week 2 fecgov/openFEC#3821

Closed

patphongs mentioned this issue Feb 29, 2024

Epic: Stability and reliability fecgov/fec-epics#137

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Med] Snyk: Prototype Pollution (due 6/10/19) #439

[Med] Snyk: Prototype Pollution (due 6/10/19) #439

rjayasekera commented Apr 11, 2019 •

edited by jason-upchurch

jason-upchurch commented May 17, 2019

[Med] Snyk: Prototype Pollution (due 6/10/19) #439

[Med] Snyk: Prototype Pollution (due 6/10/19) #439

Comments

rjayasekera commented Apr 11, 2019 • edited by jason-upchurch

jason-upchurch commented May 17, 2019

rjayasekera commented Apr 11, 2019 •

edited by jason-upchurch