Vulnerabilities from jquery doc scripts
General information
- json-editor version: latest (2.6.0)
Expected behavior
Should not raise any vulnerabilities
Actual behavior
Multiple vulnerabilities raised for script usage of the jQuery plugin, e.g. https://github.com/json-editor/json-editor/blob/master/docs/select2.html#L7, https://github.com/json-editor/json-editor/blob/master/docs/materialize_css.html#L78
Causes the following vulnerability - https://vuln.whitesourcesoftware.com/vulnerability/CVE-2019-11358
Steps to reproduce the behavior
Direct link to example: https://json-editor.github.io/json-editor/
{
  "title": "json schema example",
  "type": "object",
  "properties": {
    "example": {
      "type": "string",
      "description": "This is an example schema.",
      "default": "Please edit me."
    }
  }
}
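The finding in the report above comes down to documentation pages in the repository loading jQuery 3.3.1 from a CDN through `<script src>` tags, a version that the scanner matches to CVE-2019-11358 (Object.prototype pollution via `jQuery.extend`, fixed in jQuery 3.4.0). The script below is an added example, not code from the json-editor project or from the reporter's scanner: it parses HTML files for script tags, extracts the jQuery version from the common CDN URL shapes, and flags anything below the fixed release. The sample page, its CDN URLs and the select2/jsoneditor paths are constructed for the example, and `MIN_SAFE_JQUERY` is an assumed threshold tied to this one CVE rather than a complete jQuery advisory list.

```python
"""Flag HTML pages that load a jQuery build older than the CVE-2019-11358 fix.

Added example (not json-editor project code). It scans <script src="..."> tags,
recognises the common CDN URL shapes for jQuery core, and reports versions below
3.4.0, the release in which CVE-2019-11358 (Object.prototype pollution via
jQuery.extend) was fixed. The threshold and the sample page are assumptions.
"""
import re
import sys
from html.parser import HTMLParser
from pathlib import Path

# First jQuery release that fixes CVE-2019-11358 (assumed threshold for this check).
MIN_SAFE_JQUERY = (3, 4, 0)

# Matches the version in URL shapes such as:
#   https://code.jquery.com/jquery-3.3.1.min.js
#   https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
#   https://cdn.jsdelivr.net/npm/jquery@3.3.1/dist/jquery.min.js
# It deliberately does not match plugins such as jquery-ui-1.12.1 or jquery.validate.
JQUERY_VERSION = re.compile(r"jquery[-/@](\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value)


def find_jquery_includes(html):
    """Return [(src, (major, minor, patch)), ...] for every jQuery core include."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    found = []
    for src in parser.srcs:
        match = JQUERY_VERSION.search(src)
        if match:
            found.append((src, tuple(int(part) for part in match.groups())))
    return found


def vulnerable_includes(html, min_safe=MIN_SAFE_JQUERY):
    """Subset of find_jquery_includes() whose version is below min_safe."""
    return [(src, ver) for src, ver in find_jquery_includes(html) if ver < min_safe]


# Constructed sample resembling a docs page; URLs and versions are made up for
# the example, not copied from the repository.
SAMPLE_DOC = """<!DOCTYPE html>
<html><head>
<script src="https://code.jquery.com/jquery-3.3.1.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6/js/select2.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/jquery@3.6.0/dist/jquery.slim.min.js"></script>
<script src="../dist/jsoneditor.js"></script>
</head><body></body></html>
"""


def scan_paths(paths):
    """Scan the given HTML files or directories; return {path: vulnerable includes}."""
    report = {}
    for root in paths:
        root = Path(root)
        files = [root] if root.is_file() else root.rglob("*.html")
        for path in files:
            hits = vulnerable_includes(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                report[str(path)] = hits
    return report


if __name__ == "__main__":
    # Usage: python check_jquery.py docs/   (no arguments: scan the built-in sample)
    targets = sys.argv[1:]
    findings = scan_paths(targets) if targets else {"<sample>": vulnerable_includes(SAMPLE_DOC)}
    for path, hits in findings.items():
        for src, ver in hits:
            print(f"{path}: jQuery {'.'.join(map(str, ver))} < "
                  f"{'.'.join(map(str, MIN_SAFE_JQUERY))} via {src}")
    sys.exit(1 if findings else 0)
```

Run against a docs directory it exits non-zero when any page still pins an old jQuery, which makes it usable as a CI gate after the 2.6.1 fix so the issue does not regress. The version regex is intentionally narrow: it only recognises jQuery core, so plugin builds with their own version numbers (jQuery UI, select2) do not produce false positives, and a page that loads jQuery under a renamed local file would need to be added to the pattern.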
Top GitHub Comments
Available in 2.6.1 😉
Hi @schmunk42, should’ve thought of this before: any chance a new tag could be made for this change, please? Would be helpful for future reference to know which subversion is clear of the vulnerability 😄