collectiveidea / delayed_job

Database based asynchronous priority queue system -- Extracted from Shopify
http://groups.google.com/group/delayed_job
MIT License

jquery-1.7.1.min.js vulnerabilities #1142

Closed carlosjpr-collab closed 3 years ago

carlosjpr-collab commented 3 years ago

delayed_job is using jquery-1.7.1.min.js. This version is vulnerable. OWASP ZAP (Zed Attack Proxy) indicates that we have these problems:

CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 CVE-2012-6708

How can I update the version or replace it with a fixed local version? Thanks.

albus522 commented 3 years ago

We do not use jquery

albus522 commented 3 years ago

The delayed_job gem does not provide any front end. So you have either built an interface in your app to view DJ info or you have installed a third party web display, neither of which is maintained here.

albus522 commented 3 years ago

You might be looking for https://github.com/ejschmitt/delayed_job_web
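
When a scanner reports a bundled jQuery file like this, the first step is to find which installed gem actually ships it. The script below is an added example, not code from this thread or from delayed_job: it walks a gems directory, attributes each jQuery copy to the gem that contains it, and flags versions older than 3.5.0, the release that fixes the newest CVEs listed above. The gem names and the sample tree in `demo` are constructed for illustration.

```ruby
require "find"
require "tmpdir"
require "fileutils"

# jQuery 3.5.0 fixes CVE-2020-11022/11023; the older CVEs listed were fixed in earlier releases.
MIN_SAFE_JQUERY = Gem::Version.new("3.5.0")
JQUERY_FILE = /\Ajquery(?:[-.]\d[\d.]*)?(?:\.slim)?(?:\.min)?\.js\z/i

# Version from the file name, else from the banner comment at the top of the file.
def jquery_version(path)
  return Gem::Version.new($1) if File.basename(path) =~ /\Ajquery[-.](\d+(?:\.\d+)+)/i
  head = File.open(path, "rb") { |f| f.read(512) }.to_s
  head =~ /jQuery (?:JavaScript Library )?v(\d+(?:\.\d+)+)/ ? Gem::Version.new($1) : nil
end

# Walk each gem directory under gems_root and report the jQuery copies it ships.
def bundled_jquery(gems_root)
  hits = []
  Dir.children(gems_root).sort.each do |gem_dir|
    full = File.join(gems_root, gem_dir)
    next unless File.directory?(full)
    Find.find(full) do |path|
      next unless File.file?(path) && File.basename(path) =~ JQUERY_FILE
      version = jquery_version(path)
      outdated = version.nil? ? nil : version < MIN_SAFE_JQUERY # nil means version unknown
      hits << { gem: gem_dir, file: path.delete_prefix(full + "/"), version: version&.to_s, outdated: outdated }
    end
  end
  hits
end

# Constructed sample tree standing in for a real gems directory (hypothetical gem names).
def demo
  Dir.mktmpdir do |root|
    { "hypothetical_dashboard-0.0.0/public/javascripts/jquery-1.7.1.min.js" => "/*! jQuery v1.7.1 jquery.com | jquery.org/license */",
      "hypothetical_queue-0.0.0/lib/worker.rb" => "# no front end here",
      "hypothetical_admin-0.0.0/assets/jquery.min.js" => "/*! jQuery v3.7.1 | (c) OpenJS Foundation */" }.each do |rel, body|
      path = File.join(root, rel)
      FileUtils.mkdir_p(File.dirname(path))
      File.write(path, body)
    end
    bundled_jquery(root)
  end
end

if __FILE__ == $PROGRAM_NAME
  roots = ARGV.select { |d| Dir.exist?(d) }
  hits = roots.empty? ? demo : roots.flat_map { |r| bundled_jquery(r) }
  hits.each { |h| puts h.values_at(:gem, :file, :version, :outdated).join("\t") }
end
```

Run it with a real gems directory as the argument, for example the `gems` folder under the path printed by `gem env gemdir`; with no argument it prints the constructed demo.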