The popular NotFound handler for ASP.NET Core and Optimizely, enabling better control over your 404 page in addition to allowing redirects for old URLs that no longer work.
Apache License 2.0
Package uses outdated versions of JQuery and Bootstrap with vulnerabilities #74
We use the GETA Not Found Handler on a number of our client builds. Recently we had a penetration test and they highlighted vulnerabilities with older 3rd party resources used by the GETA Not Found Handler tool. The penetration tester understood that the functionality was locked behind a user login so the risk was downgraded to medium.
The following is the feedback we received.
Using the Burpsuite scanner, we detected the use of jquery version 3.2.1.slim.min at /EPiServer/Geta.NotFoundHandler.Optimizely/container (<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js">), which has the following vulnerabilities:
CVE-2019-11358: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
CVE-2020-11022: Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
CVE-2020-11023: Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
We also detected the use of bootstrap version 4.0.0 (<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css">), which has the following vulnerabilities:
CVE-2019-8331: XSS in data-template, data-content and data-title properties of tooltip/popover
CVE-2018-14041: XSS in data-target property of scrollspy
CVE-2018-14042: XSS in data-container property of tooltip
CVE-2016-10735: XSS is possible in the data-target attribute.
We were not able to identify any XSS vulnerabilities in the time allowed; however, we have observed XSS vulnerabilities in other sites that have reported this vulnerability – especially those that use the tooltip/popover function.
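A check of this kind can run in CI against the rendered admin pages so that outdated front-end assets are caught before a scanner reports them. The following is an added example, not part of the original issue or the project's code; the `fixedIn` versions are assumptions taken from the public CVE descriptions (only 3.4.0 for CVE-2019-11358 is stated above), the table is not exhaustive, and the function names are hypothetical.

```javascript
// Added example: flag jQuery/Bootstrap asset references below a CVE fix version.
// fixedIn values are assumptions from the public CVE descriptions; verify them
// against your advisory source. The Bootstrap rows cover the 4.x line only.
const ADVISORIES = [
  { library: 'jquery', cve: 'CVE-2019-11358', fixedIn: '3.4.0' },
  { library: 'jquery', cve: 'CVE-2020-11022', fixedIn: '3.5.0' },
  { library: 'jquery', cve: 'CVE-2020-11023', fixedIn: '3.5.0' },
  { library: 'bootstrap', cve: 'CVE-2018-14041', fixedIn: '4.1.2', major: 4 },
  { library: 'bootstrap', cve: 'CVE-2018-14042', fixedIn: '4.1.2', major: 4 },
  { library: 'bootstrap', cve: 'CVE-2019-8331', fixedIn: '4.3.1', major: 4 },
];

// Versioned asset URL inside a src/href attribute, e.g.
// .../jquery-3.2.1.slim.min.js or .../bootstrap/4.0.0/css/bootstrap.min.css
const ASSET_RE =
  /(?:src|href)\s*=\s*["']([^"']*?\b(jquery|bootstrap)[-\/@](\d+\.\d+\.\d+)[^"']*)["']/gi;

const parse = (v) => v.split('.').map(Number);

// Returns true when version a is strictly lower than version b.
function isBelow(a, b) {
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i];
  }
  return false;
}

// Scans rendered HTML and returns one finding per versioned asset reference.
function findOutdatedAssets(html) {
  const findings = [];
  for (const [, url, name, version] of html.matchAll(ASSET_RE)) {
    const library = name.toLowerCase();
    const cves = ADVISORIES
      .filter((a) => a.library === library)
      .filter((a) => a.major === undefined || a.major === parse(version)[0])
      .filter((a) => isBelow(version, a.fixedIn))
      .map((a) => a.cve);
    findings.push({ library, version, url, cves });
  }
  return findings;
}

// Constructed sample: the two tags quoted in the report plus a current jQuery.
const sample = `
<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css">
<script src="/lib/jquery-3.7.1.min.js"></script>`;

console.log(findOutdatedAssets(sample).filter((f) => f.cves.length > 0));
```

Failing the build when any finding has a non-empty `cves` list keeps the bundled admin UI from drifting behind its dependencies' fix releases.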