dennisoelkers
commented
5 years ago Hey @moafrancky! Thanks for opening the issue. Unfortunately you have not enclosed which vulnerable dependency you are referring too?
Closed moafrancky closed 5 years ago
dennisoelkers
commented
5 years ago Hey @moafrancky! Thanks for opening the issue. Unfortunately you have not enclosed which vulnerable dependency you are referring too?
moafrancky
commented
5 years ago Hi,
Please find below some details.
You are using a vulnerable Javascript library. One or more vulnerabilities were reported for this version of the Javascript library. Consult Attack details and Web References for more information about the affected library and the vulnerabilities that were reported.
Detected Javascript library jquery version 2.1.4. The version was detected from file content. References: https://github.com/jquery/jquery/issues/2432
Franck
dennisoelkers
commented
5 years ago Sorry for the late response. This was fixed for 3.1.0 in #5967.
I scanned Graylog Web server using Acunetix and a Vulnerable Javascript Library is detected
Expected Behavior
No vulnerable library should be used
Current Behavior
/assets/vendor.7255f79bec582fc17617.js is detected. CVSS2 6.4, CVSS3 6.5
Context
Is it a false-positive ? Do you have plan to update this library ? Have you done CVSS scoring in the context of Graylog (May be you are not impacted because of the way you use this library) ?
Your Environment