vulnerability in jquery #3927
Comments
Thanks for opening an issue. jQuery is a lower-level library that has convenience wrappers around native APIs. jQuery itself is not vulnerable, but you can do things with jQuery that would compromise the security of your site, just like you can do things with vanilla JS. These "7 known vulnerabilities" are in many ways ridiculous. Ultimately, users are responsible for the security of their sites. While jQuery still does its best to keep users from making silly mistakes, jQuery can be misused and abused in many ways and it would be impossible to have impenetrable safeguards for all of them. The point is, there may actually be nothing wrong on your site, but I can tell you that this warning doesn't help you at all.
Thanks Timmywil for your response,
The scan tool may have some option to prevent specific vulnerabilities from being shown if you know you are unaffected. That is beyond the scope of this jQuery bug tracker though; you would need to look at their docs.
Hello, I would like to test the security of my project, and when I scanned it I found a vulnerability:

```
jquery 3.2.1 [VULNERABLE] 7 known vulnerabilities, 1 affecting installed version
[CVE-2007-2379] The jQuery framework exchanges data using JavaScript Object Notation (JSON) with...
The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
```

So how can I suppress it? Thanks :)
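As an added illustration of the defence the CVE text above is really about (this is example code, not part of the jQuery project or of this thread): a framework-agnostic guard for a JSON endpoint that refuses requests lacking the `X-Requested-With` header jQuery's `$.ajax()` sends on same-origin requests, and that prefixes the body so it cannot be executed via a `<script src>` tag. The handler signature, `handleAccountJson`, and the sample payload are assumptions made for this example.

```javascript
// Added example (not jQuery project code): mitigating "JavaScript Hijacking"
// (CVE-2007-2379, quoted above) on the server side of a JSON endpoint.
//  1. Require a custom request header. A <script src=...> tag cannot add headers,
//     and a cross-origin XHR carrying one triggers a CORS preflight. jQuery's
//     $.ajax() adds "X-Requested-With: XMLHttpRequest" to same-origin requests.
//  2. Prefix the body with ")]}',\n" so that, even if the response is loaded as a
//     script, it is a syntax error and nothing is evaluated.
const ANTI_HIJACK_PREFIX = ")]}',\n";

function isHijackSafeRequest(headers) {
  // HTTP header names are case-insensitive, so normalise before comparing.
  const lower = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v])
  );
  return lower['x-requested-with'] === 'XMLHttpRequest';
}

function armorJson(data) {
  return ANTI_HIJACK_PREFIX + JSON.stringify(data);
}

// Client-side counterpart: strip the prefix before parsing (the kind of step a
// jQuery $.ajax dataFilter would perform).
function stripArmor(body) {
  if (!body.startsWith(ANTI_HIJACK_PREFIX)) {
    throw new Error('unexpected response framing');
  }
  return JSON.parse(body.slice(ANTI_HIJACK_PREFIX.length));
}

// Hypothetical handler: takes { headers } and returns { status, headers, body }.
function handleAccountJson(req, payload) {
  if (!isHijackSafeRequest(req.headers)) {
    return { status: 403, headers: { 'Content-Type': 'text/plain' }, body: 'forbidden' };
  }
  return {
    status: 200,
    // JSON content type plus nosniff: the browser must not treat this as script.
    headers: { 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff' },
    body: armorJson(payload),
  };
}

// Constructed sample requests: a <script src> fetch carries no custom header,
// a jQuery $.ajax() call does.
const SAMPLE_PAYLOAD = { accounts: [{ id: 42, balance: 1234.5 }] };
const scriptTagRequest = { headers: { Accept: '*/*' } };
const jqueryAjaxRequest = {
  headers: { 'X-Requested-With': 'XMLHttpRequest', Accept: 'application/json' },
};
```

On the jQuery side, the `dataFilter` option of `$.ajax()` is the place to strip the prefix before the response is parsed.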