jquery-form/form

Fortify SCA: Code Injection

Raolibec opened this issue · 7 comments

Please review Instructions for Reporting a Bug.

Description:

I have no idea whether it has been fixed in later versions, but the code scan does not pass.

Expected Behavior:

Actual behavior:

Source: jquery.form.js:812 Read xhr.responseXML()

```
810 var ct = xhr.getResponseHeader('content-type') || '',
811 xml = type === 'xml' || !type && ct.indexOf('xml') >= 0,
812 data = xml ? xhr.responseXML : xhr.responseText;
813
814 if (xml && data.documentElement.nodeName === 'parsererror') {
```

Sink: jquery.form.js:781 setTimeout()

```
779
780 // clean up
781 setTimeout(function() {
782 if (!s.iframeTarget) {
783 $io.remove();
```

Versions:

jqform:3.51

The latest release (version 4.2.2) still has this issue being reported by Fortify... has anyone made any progress?

I'm not sure what code scan you're referring to. Can you provide more information on the vulnerability?
Even better, please open a pull request with the necessary code changes.

I tried to get some more information about the code scan report.

This is the issue found by Fortify:

jquery.form.js, line 781 (Dynamic Code Evaluation: Code Injection)
Fortify Priority: Critical
Folder: Critical
Kingdom: Input Validation and Representation
Abstract: jquery.form.js 781

Source: jquery.form.js:812 Read xhr.responseXML()

```
810 var ct = xhr.getResponseHeader('content-type') || '',
811 xml = type === 'xml' || !type && ct.indexOf('xml') >= 0,
812 data = xml ? xhr.responseXML : xhr.responseText;
813
814 if (xml && data.documentElement.nodeName === 'parsererror') {
```

Sink: jquery.form.js:781 setTimeout()

```
779
780 // clean up
781 setTimeout(function() {
782 if (!s.iframeTarget) {
783 $io.remove();
```

kindeditor.js, line 172 (Dynamic Code Evaluation: Code Injection)
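
A triage check for the finding quoted above, as an added example that is not part of the issue thread or of the jquery-form code: browsers evaluate the first argument of `setTimeout` as code only when it is a string, so this sketch sorts timer call sites by the form of that argument. The helper names and the sample are constructed (the sample completes the shape of the flagged line 781 with an assumed `}, 100);` and adds a string-argument line for contrast).

```javascript
// Added triage example, not jquery-form code. classifyTimerCalls and
// classifyFirstArg are hypothetical helpers written for this illustration.
const TIMER_CALL = /\b(setTimeout|setInterval)\s*\(\s*/g;

// Decide what kind of expression follows the opening parenthesis.
function classifyFirstArg(rest) {
  if (/^(async\s+)?function\b/.test(rest) ||
      /^(\([^)]*\)|[A-Za-z_$][\w$]*)\s*=>/.test(rest)) {
    return 'function-literal'; // invoked as a callback, never parsed as source text
  }
  if (/^['"`]/.test(rest)) {
    return 'string';           // browsers compile and run this like eval()
  }
  return 'expression';         // identifier or call: its type must be traced by hand
}

// Return one record per timer call found in the source text.
function classifyTimerCalls(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    TIMER_CALL.lastIndex = 0;
    let m;
    while ((m = TIMER_CALL.exec(text)) !== null) {
      const rest = text.slice(m.index + m[0].length);
      findings.push({ line: i + 1, call: m[1], firstArg: classifyFirstArg(rest) });
    }
  });
  return findings;
}

// Constructed sample. Lines 1-5 mirror the shape of the flagged sink;
// line 6 is a constructed string-argument call; line 7 passes an identifier.
const sample = [
  "setTimeout(function() {",
  "    if (!s.iframeTarget) {",
  "        $io.remove();",
  "    }",
  "}, 100);",
  "setTimeout('refresh(' + data + ')', 100);",
  "setTimeout(cb, 100);",
].join('\n');

console.log(classifyTimerCalls(sample));
```

The check is line-based and only reads the start of the first argument, so an `expression` result still needs manual review of what the identifier holds.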

This sounds the same as #464

Would you please open a pull request to make the needed changes and update/create relevant tests?

Bug Bounty

We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/

We will submit a pull request directly to your repository with the fix as soon as possible. Want to learn more? Go to https://github.com/418sec/huntr 📚

Automatically generated by @huntr-helper...