When I run OWASP Dependency-Check in a Java project, the jsondoc-ui-webjar-1.2.22 dependency is identified with known vulnerabilities:
jsondoc-ui-webjar-1.2.22.jar: bootstrap.min.js (pkg:javascript/bootstrap@3.3.1) : CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, CVE-2019-8331
jsondoc-ui-webjar-1.2.22.jar: handlebars.min.js (pkg:javascript/handlebars@2.0.0) : Disallow calling helperMissing and blockHelperMissing directly, Prototype pollution, Quoteless attributes in templates can lead to XSS
jsondoc-ui-webjar-1.2.22.jar: jquery.min.js (pkg:javascript/jquery@1.11.1) : CVE-2015-9251, CVE-2019-11358, Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
I believe jsondoc-ui-webjar-1.2.22 is the latest version. Is there a workaround to mitigate the vulnerabilities?