HackSheffield / old-website

The code that powered our website for HS3 and HS4

Out of date jQuery - Security Warning #14

Closed dannycjones closed 6 years ago

dannycjones commented 6 years ago

I've rescanned the site and several vulnerabilities have been patched; however, we still require that person to look into this vulnerability and patch it or explain why they believe it to be a false positive:

Outdated jQuery library detected: 3rd party CORS request may execute

Description

AppCheck analysed the jquery library version by executing it within a local browser engine.

The detected version number 1.11.3 appears to be vulnerable to one or more known security flaws.

Solution

Upgrade the affected library to the latest release

Details

Technical Details

AppCheck analysed the jquery library version by executing it within a local browser engine.

The detected version number 1.11.3 appears to be vulnerable to one or more known security flaws.

Vulnerable Versions

Below Version: 1.12.0

At or above: 1.4.0

References

https://github.com/jquery/jquery/issues/2432

http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/

Messages

--->
GET /scripts/jquery.min.js HTTP/1.1
Connection: close
Host: hack.sheffield.ac.uk
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.google.com

<---
HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 21 Feb 2018 16:31:02 GMT
Content-Type: text/html
Content-Length: 194
Connection: close
Location: https://hack.sheffield.ac.uk/scripts/jquery.min.js

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.10.3 (Ubuntu)</center>
</body>
</html>

Kind regards, Elliott