Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-1525 Issue to group security concerns
  3. OFBIZ-11752

CLONE - Check embedded Javascript libs vulnerabilities using retire.js

    XMLWordPrintableJSON

    Details

    • Sprint:
      Bug Crush Event - 21/2/2015

      Description

      Trunk

      /ofbiz-framework/plugins/solr/webapp/solr/js/require.js
       ↳ jquery 1.7.1
      jquery 1.7.1 has known vulnerabilities: severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b severity: medium; summary: Regex in its jQuery.htmlPrefilter  sometimes may introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
      /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-cookies.min.js
       ↳ angularjs 1.3.8
      angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: Prototype pollution; https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19 severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-resource.min.js
       ↳ angularjs 1.3.8
      angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: Prototype pollution; https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19 severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-route.min.js
       ↳ angularjs 1.3.8
      angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: Prototype pollution; https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19 severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-sanitize.min.js
       ↳ angularjs 1.3.8
      angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: Prototype pollution; https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19 severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      /ofbiz-framework/plugins/solr/webapp/solr/libs/angular.js
       ↳ angularjs 1.3.8
      angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: Prototype pollution; https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19 severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      /ofbiz-framework/plugins/solr/webapp/solr/libs/angular.min.js
       ↳ angularjs 1.3.8
      angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: Prototype pollution; https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19 severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      /ofbiz-framework/plugins/solr/webapp/solr/libs/jquery-2.1.3.min.js
       ↳ jquery 2.1.3
      jquery 2.1.3 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b severity: medium; summary: Regex in its jQuery.htmlPrefilter  sometimes may introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
      /ofbiz-framework/plugins/solr/webapp/solr/js/lib/jquery-1.7.2.min.js
       ↳ jquery 1.7.2
      jquery 1.7.2 has known vulnerabilities: severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b severity: medium; summary: Regex in its jQuery.htmlPrefilter  sometimes may introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
      

      Release 18.12

      /ofbiz-framework/plugins/solr/webapp/solr/js/require.js
       ↳ jquery 1.7.1
      jquery 1.7.1 has known vulnerabilities: severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b severity: medium; summary: Regex in its jQuery.htmlPrefilter  sometimes may introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
      /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-cookies.min.js
       ↳ angularjs 1.3.8
      angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: Prototype pollution; https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19 severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-resource.min.js
       ↳ angularjs 1.3.8
      angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: Prototype pollution; https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19 severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-route.min.js
       ↳ angularjs 1.3.8
      angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: Prototype pollution; https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19 severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-sanitize.min.js
       ↳ angularjs 1.3.8
      angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: Prototype pollution; https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19 severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      /ofbiz-framework/plugins/solr/webapp/solr/libs/angular.js
       ↳ angularjs 1.3.8
      angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: Prototype pollution; https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19 severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      /ofbiz-framework/plugins/solr/webapp/solr/libs/angular.min.js
       ↳ angularjs 1.3.8
      angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: Prototype pollution; https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19 severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      /ofbiz-framework/plugins/solr/webapp/solr/libs/jquery-2.1.3.min.js
       ↳ jquery 2.1.3
      jquery 2.1.3 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b severity: medium; summary: Regex in its jQuery.htmlPrefilter  sometimes may introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
      /ofbiz-framework/plugins/solr/webapp/solr/js/lib/jquery-1.7.2.min.js
       ↳ jquery 1.7.2
      jquery 1.7.2 has known vulnerabilities: severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b severity: medium; summary: Regex in its jQuery.htmlPrefilter  sometimes may introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
      
      

      Release 17.12

       /ofbiz-framework/plugins/solr/webapp/solr/js/require.js
       ↳ jquery 1.7.1
      jquery 1.7.1 has known vulnerabilities: severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b severity: medium; summary: Regex in its jQuery.htmlPrefilter  sometimes may introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
      /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-cookies.min.js
       ↳ angularjs 1.3.8
      angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: Prototype pollution; https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19 severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-resource.min.js
       ↳ angularjs 1.3.8
      angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: Prototype pollution; https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19 severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-route.min.js
       ↳ angularjs 1.3.8
      angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: Prototype pollution; https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19 severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      /ofbiz-framework/plugins/solr/webapp/solr/libs/angular-sanitize.min.js
       ↳ angularjs 1.3.8
      angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: Prototype pollution; https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19 severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      /ofbiz-framework/plugins/solr/webapp/solr/libs/angular.js
       ↳ angularjs 1.3.8
      angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: Prototype pollution; https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19 severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      /ofbiz-framework/plugins/solr/webapp/solr/libs/angular.min.js
       ↳ angularjs 1.3.8
      angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: Prototype pollution; https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19 severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md https://github.com/angular/angular.js/pull/15699 severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      /ofbiz-framework/plugins/solr/webapp/solr/libs/jquery-2.1.3.min.js
       ↳ jquery 2.1.3
      jquery 2.1.3 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b severity: medium; summary: Regex in its jQuery.htmlPrefilter  sometimes may introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
      /ofbiz-framework/themes/common/webapp/common/js/jquery/jquery-3.4.1.min.js
       ↳ jquery 3.4.1
      jquery 3.4.1 has known vulnerabilities: severity: medium; summary: Regex in its jQuery.htmlPrefilter  sometimes may introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
      /ofbiz-framework/themes/common/webapp/common/js/jquery/jquery-3.4.1.js
       ↳ jquery 3.4.1
      jquery 3.4.1 has known vulnerabilities: severity: medium; summary: Regex in its jQuery.htmlPrefilter  sometimes may introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
      /ofbiz-framework/plugins/solr/webapp/solr/js/lib/jquery-1.7.2.min.js
       ↳ jquery 1.7.2
      jquery 1.7.2 has known vulnerabilities: severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b severity: medium; summary: Regex in its jQuery.htmlPrefilter  sometimes may introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

       

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                adityasharma Aditya Sharma
                Reporter:
                adityasharma Aditya Sharma
              • Votes:
                1 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: