Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org

Acunetix Scan Result #6029

Closed moafrancky closed 5 years ago

moafrancky commented 5 years ago

I scanned the Graylog web server using Acunetix, and a vulnerable JavaScript library was detected.

Expected Behavior

No vulnerable library should be used.

Current Behavior

/assets/vendor.7255f79bec582fc17617.js is detected. CVSS2 6.4, CVSS3 6.5

Context

Is it a false positive? Do you have plans to update this library? Have you done CVSS scoring in the context of Graylog (maybe you are not impacted because of the way you use this library)?

dennisoelkers commented 5 years ago

Hey @moafrancky! Thanks for opening the issue. Unfortunately, you have not enclosed which vulnerable dependency you are referring to?

moafrancky commented 5 years ago

Hi,

Please find below some details.

You are using a vulnerable Javascript library. One or more vulnerabilities were reported for this version of the Javascript library. Consult Attack details and Web References for more information about the affected library and the vulnerabilities that were reported.

Detected Javascript library jquery version 2.1.4. The version was detected from file content. References: https://github.com/jquery/jquery/issues/2432

Franck

dennisoelkers commented 5 years ago

Sorry for the late response. This was fixed for 3.1.0 in #5967.