cyu / rack-cors

Rack Middleware for handling Cross-Origin Resource Sharing (CORS), which makes cross-origin AJAX possible.
MIT License

jQuery Vulnerability #212

Closed neryb closed 3 years ago

neryb commented 3 years ago

Whitesource flagged a vulnerability in rack-cors due to the use of jQuery here: https://github.com/cyu/rack-cors/blob/43a18824e03a37a97505df74099730bfceffa565/test/cors/runner.html#L9

Vulnerability: https://github.com/advisories/GHSA-gxr4-xjj5-5px2

Resolution: Update to jquery 3.5.0 or greater

cyu commented 3 years ago

Updated example

neryb commented 3 years ago

Hi @cyu - I'm still seeing the reference to the older jquery in this example in master: https://github.com/cyu/rack-cors/blob/908ea29e1b0fdc4c6091ccb4eb92b6de1e370387/test/cors/runner.html#L9

Is the runner.html file being used at all?
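
A check for the condition discussed in this thread, as an added example that is not part of the rack-cors repository or of either commenter's posts: it scans HTML for `<script src>` references whose URL names a jQuery version below 3.5.0, the fixed version given in the issue. The function and constant names, the hostnames and the sample HTML are constructed for illustration.

```ruby
# Added example: flag <script src="..."> references to jQuery older than the
# fixed version named in the issue (3.5.0). Not code from rack-cors.
require "rubygems" # Gem::Version gives correct ordering (1.12.4 < 3.5.0)

FIXED_VERSION = Gem::Version.new("3.5.0")

# src attribute of a script tag written on a single line.
SCRIPT_SRC = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/i

# Version embedded in the URL, either "jquery-1.12.4.min.js" style or
# ".../3.4.1/jquery.min.js" style. Plugins such as jquery-ui do not match.
JQUERY_VERSION = %r{
  jquery[-./@](\d+(?:\.\d+){1,2}) |
  /(\d+(?:\.\d+){1,2})/jquery(?:\.slim)?(?:\.min)?\.js
}xi

# Returns one hash per outdated reference: { line:, src:, version: }.
# Limitation: a src with no version in its path cannot be assessed here and
# is skipped; check such files by their contents instead.
def outdated_jquery_refs(html, fixed = FIXED_VERSION)
  findings = []
  html.each_line.with_index(1) do |line, lineno|
    line.scan(SCRIPT_SRC) do |(src)|
      m = JQUERY_VERSION.match(src)
      next unless m
      version = Gem::Version.new(m[1] || m[2])
      next unless version < fixed
      findings << { line: lineno, src: src, version: version.to_s }
    end
  end
  findings
end

# Constructed sample input, not the contents of test/cors/runner.html.
SAMPLE_HTML = <<~HTML
  <html>
    <head>
      <script src="https://cdn.example.test/jquery-1.12.4.min.js"></script>
      <script src="https://cdn.example.test/libs/jquery/3.4.1/jquery.min.js"></script>
      <script src="https://cdn.example.test/jquery-3.5.0.min.js"></script>
      <script src="/js/jquery-ui-1.12.1.js"></script>
    </head>
  </html>
HTML

outdated_jquery_refs(SAMPLE_HTML).each do |f|
  puts "line #{f[:line]}: jQuery #{f[:version]} < #{FIXED_VERSION} (#{f[:src]})"
end
```

Running the same function over every HTML file in a checkout, test fixtures included, shows whether a stale reference like the one reported here is still present on a given branch.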