Upgrade JQuery package - Current version has security vulnerabilities.
sadashiv-sumasoft opened this issue · 0 comments
Hi,
When using one of the tools for SAST (Static Application Security Testing), I found out about one issue in your package hierarchical dependency listed above.
└── scriptjs@2.5.9
└── jquery@1.5.2 (Though it is not directly dependent on the scriptjs package, the scriptjs package uses jQuery 1.5.2 in it.). at above path \node_modules\scriptjs\vendor\jquery.js
Error:
jQuery 1.5.2 has known vulnerabilities: severity: medium; summary: XSS with location.hash, CVE: GHSA-579v-mp3v-rrw5, githubID: GHSA-579v-mp3v-rrw5; http://research.insecurelabs.org/jquery/test/
Recommendation
Upgrade to version 1.9.0 or later.
As the tool suggests, the JQuery 1.5.2 version has some security vulnerabilities, so upgrading this package to the latest would help.
#110 Please check this one for more reference.