Description
Hi @everyone, I am using jQuery, jQuery UI and jQuery easing for my project, installed via NPM (package.json).
While doing a vulnerability scan, jQuery UI / jQuery easing were flagged as a vulnerability, and the security team recommended removing jQuery UI & jQuery Easing, or writing a wrapper for jQuery UI & jQuery.easing.
I need a workaround to remove the reference to jQuery easing from the jQuery lib source code, or a wrapper for jQuery easing.
Vulnerability description provided by our Appsec Team:
Recommended Version(s): 1.14.0-beta.1
Explanation: The requirejs package is vulnerable to Prototype Pollution. The configure() function of the require.js and r.js files insufficiently restricts accessors such as __proto__ or constructor that could be abused to override the prototyped properties of JavaScript objects. A remote attacker can exploit this vulnerability by submitting a malicious JSON payload to any affected endpoint. Depending on how the polluted object is used throughout the affected application, this may result in data corruption, a Denial of Service (DoS) condition, Remote Code Execution (RCE), or other unexpected application behaviors.
Detection: The application is vulnerable by using this component.
Recommendation: There is no non-vulnerable upgrade path for this component/package. We recommend investigating alternative components or a potential mitigating control.
Threat Vectors: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Thanks in advance! Expecting helping hands.
Regards,
Gopi
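The Appsec note above describes the general shape of the bug: a recursive config merge that follows accessor keys such as __proto__ into Object.prototype. The following is an added example written for this page, not code from the issue, jQuery, or requirejs; it shows a naive merge beside a hardened one that refuses those keys, using a constructed JSON payload, so the mitigating control the note asks for can be seen working.

```javascript
// Added example (not from the issue, jQuery, or requirejs): a naive recursive
// config merge of the kind the Appsec note describes, beside a hardened
// version that refuses the accessor keys the note names. The payload in
// demo() is constructed for this demonstration.

const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Naive merge: walks every key of `src` into `dst`. A key named "__proto__"
// resolves dst["__proto__"] to Object.prototype, which passes isPlainObject,
// so the recursion writes the attacker's properties onto every object.
function naiveMerge(dst, src) {
  for (const key in src) {
    if (isPlainObject(src[key])) {
      if (!isPlainObject(dst[key])) dst[key] = {};
      naiveMerge(dst[key], src[key]);
    } else {
      dst[key] = src[key];
    }
  }
  return dst;
}

// Hardened merge: own keys only, accessor keys dropped, and nested targets are
// only reused when they are own properties of `dst` (never inherited ones).
function safeMerge(dst, src) {
  for (const key of Object.keys(src)) {
    if (BLOCKED_KEYS.has(key)) continue;
    if (isPlainObject(src[key])) {
      const own = Object.prototype.hasOwnProperty.call(dst, key);
      if (!own || !isPlainObject(dst[key])) dst[key] = {};
      safeMerge(dst[key], src[key]);
    } else {
      dst[key] = src[key];
    }
  }
  return dst;
}

// Merge an untrusted JSON config with the given strategy and report whether a
// fresh, unrelated object now sees the injected property (i.e. pollution).
function demo(mergeFn) {
  const untrusted = JSON.parse('{"paths":{"app":"js/app"},"__proto__":{"polluted":true}}');
  const config = mergeFn({ baseUrl: "/" }, untrusted);
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted; // clean up so later runs start unpolluted
  return { leaked, hasPaths: Boolean(config.paths && config.paths.app === "js/app") };
}

console.log("naiveMerge:", demo(naiveMerge)); // { leaked: true, hasPaths: true }
console.log("safeMerge: ", demo(safeMerge));  // { leaked: false, hasPaths: true }
```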