Geta / geta-optimizely-tags

Geta Tags is a library that adds tagging functionality to Optimizely content.
Apache License 2.0

Old jQuery files: Potential security vulnerability #18

Open AnilEPi opened 1 year ago

AnilEPi commented 1 year ago

Hi Team @marisks @brianweet @valdisiljuconoks

I am currently undergoing a penetration test on one of my website applications which is currently using this package. A security vulnerability has been identified with the use of old jQuery files in this package. Taking a look at this code repo, I can see that the following jQuery files are used as part of this package.

https://github.com/Geta/geta-optimizely-tags/blob/master/src/Geta.Optimizely.Tags/module/ClientResources/vendor/jquery-2.1.0.min.js - /*! jQuery v2.1.0 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */

https://github.com/Geta/geta-optimizely-tags/blob/master/src/Geta.Optimizely.Tags/module/ClientResources/vendor/jquery-ui.min.js

Can you please advise/help me in how I can resolve this issue?

Kind Regards

Anil

marisks commented 1 year ago

You can update jQuery and create a PR. I'll review and release it.

rbottema commented 7 months ago

@NathanBeddoeWebDev Did you mean to close and overwrite your PR on this? I do see the code is still available on your fork: https://github.com/Geta/geta-optimizely-tags/compare/master...NathanBeddoeWebDev:geta-optimizely-tags:master. It would be great to have this patched.

NathanBeddoeWebDev commented 7 months ago

Hi @rbottema, I do have the completed code here somewhere. I'll try and get it updated, and hopefully get a more complete PR up.