Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-1525 Issue to group security concerns
  3. OFBIZ-10678

CLONE - Check embedded Javascript libs vulnerabilities using retire.js

    XMLWordPrintableJSON

Details

    • Bug Crush Event - 21/2/2015

    Description

      3 years ago I created the page https://cwiki.apache.org/confluence/display/OFBIZ/About+retire.js

      After OFBIZ-9269 (done 1 year ago) that I cloned here, I just checked and here are the results:

      Trunk

      C:\projectsASF\ofbiz\plugins\ecommerce\webapp\ecommerce\js\bootstrap.bundle.min.js
       ? bootstrap 4.0.0-beta.2 has known vulnerabilities: severity: medium; issue: 20184, summary: XSS in data-target property of scrollspy, CVE: CVE-2018-14041; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, s
      ummary: XSS in collapse data-parent attribute, CVE: CVE-2018-14040; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary: XSS in data-container property of tooltip, CVE: CVE-2018-14042; https://github.co
      m/twbs/bootstrap/issues/20184
      
      C:\projectsASF\ofbiz\plugins\ecommerce\webapp\ecommerce\js\bootstrap.min.js
       ? bootstrap 4.0.0 has known vulnerabilities: severity: medium; issue: 20184, summary: XSS in data-target property of scrollspy, CVE: CVE-2018-14041; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary:
       XSS in collapse data-parent attribute, CVE: CVE-2018-14040; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary: XSS in data-container property of tooltip, CVE: CVE-2018-14042; https://github.com/twbs/
      bootstrap/issues/20184
      
      C:\projectsASF\ofbiz\plugins\solr\webapp\solr\js\require.js
       ? jquery 1.7.1 has known vulnerabilities: severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecu
      relabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://
      nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/
      
      C:\projectsASF\ofbiz\plugins\solr\webapp\solr\libs\angular.js
       ? angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severit
      y: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/
      angular/angular.js/blob/master/CHANGELOG.md severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      
      C:\projectsASF\ofbiz\plugins\solr\webapp\solr\libs\angular.min.js
       ? angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21 severit
      y: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize; https://github.com/
      angular/angular.js/blob/master/CHANGELOG.md severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
      
      C:\projectsASF\ofbiz\plugins\solr\webapp\solr\libs\jquery-2.1.3.min.js
       ? jquery 2.1.3.min has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-
      1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.
      com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/
      
      C:\projectsASF\ofbiz\plugins\solr\webapp\solr\js\lib\jquery-1.7.2.min.js
       ? jquery 1.7.2.min has known vulnerabilities: severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.in
      securelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ http
      s://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/
      

      R17

      C:\projectsASF\release17.12\plugins\ecommerce\webapp\ecommerce\js\bootstrap.bundle.min.js
       ? bootstrap 4.0.0-beta.2 has known vulnerabilities: severity: medium; issue: 20184, summary: XSS in data-target property of scrollspy, CVE: CVE-2018-14041; https://github.com/twbs/bootstrap/issues/20184 seve
      rity: medium; issue: 20184, summary: XSS in collapse data-parent attribute, CVE: CVE-2018-14040; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary: XSS in data-container p
      roperty of tooltip, CVE: CVE-2018-14042; https://github.com/twbs/bootstrap/issues/20184
      
      C:\projectsASF\release17.12\plugins\ecommerce\webapp\ecommerce\js\bootstrap.min.js
       ? bootstrap 4.0.0 has known vulnerabilities: severity: medium; issue: 20184, summary: XSS in data-target property of scrollspy, CVE: CVE-2018-14041; https://github.com/twbs/bootstrap/issues/20184 severity: m
      edium; issue: 20184, summary: XSS in collapse data-parent attribute, CVE: CVE-2018-14040; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary: XSS in data-container property
       of tooltip, CVE: CVE-2018-14042; https://github.com/twbs/bootstrap/issues/20184
      
      C:\projectsASF\release17.12\plugins\solr\webapp\solr\js\require.js
       ? jquery 1.7.1 has known vulnerabilities: severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-201
      2-6708 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jq
      uery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/
      
      C:\projectsASF\release17.12\plugins\solr\webapp\solr\libs\angular.js
       ? angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-re
      surrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severi
      ty: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8
      f31f1ff43b673a24f84422d5c13d6312b2c4d94
      
      C:\projectsASF\release17.12\plugins\solr\webapp\solr\libs\angular.min.js
       ? angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: The attribute usemap can be used as a security exploit; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-re
      surrection-2016-07-21 severity: medium; summary: Universal CSP bypass via add-on in Firefox; https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 http://pastebin.com/raw/kGrdaypP severi
      ty: medium; summary: DOS in $sanitize; https://github.com/angular/angular.js/blob/master/CHANGELOG.md severity: low; summary: XSS in $sanitize in Safari/Firefox; https://github.com/angular/angular.js/commit/8
      f31f1ff43b673a24f84422d5c13d6312b2c4d94
      
      C:\projectsASF\release17.12\plugins\solr\webapp\solr\libs\jquery-2.1.3.min.js
       ? jquery 2.1.3.min has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.c
      om/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML(
      ) executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/
      
      C:\projectsASF\release17.12\plugins\solr\webapp\solr\js\lib\jquery-1.7.2.min.js
       ? jquery 1.7.2.min has known vulnerabilities: severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE
      -2012-6708 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blo
      g.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/
      

      R16

       ? jquery 1.11.0 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/
      2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() e
      xecutes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/
      
      C:\projectsASF\release16.11\framework\images\webapp\images\jquery\jquery-1.11.0.min.js
       ? jquery 1.11.0.min has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.
      com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML
      () executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/
      
      C:\projectsASF\release16.11\framework\images\webapp\images\jquery\jquery-migrate-1.2.1.js
       ? jquery-migrate 1.2.1 has known vulnerabilities: severity: medium; bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 http://research.insecurelabs.org/jquery/test/
      
      C:\projectsASF\release16.11\specialpurpose\solr\webapp\solr\js\require.js
       ? jquery 1.7.1 has known vulnerabilities: severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-201
      2-6708 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jq
      uery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/
      
      C:\projectsASF\release16.11\framework\images\webapp\images\jquery\jquery.mobile\jquery.mobile-1.4.0.min.js
       ? jquery-mobile 1.4.0.min has known vulnerabilities: severity: medium; summary: open redirect leads to cross site scripting; http://sirdarckcat.blogspot.no/2017/02/unpatched-0day-jquery-mobile-xss.html
      
      C:\projectsASF\release16.11\framework\images\webapp\images\jquery\jquery.mobile\jquery.mobile-1.4.0.js
       ? jquery-mobile 1.4.0 has known vulnerabilities: severity: medium; summary: open redirect leads to cross site scripting; http://sirdarckcat.blogspot.no/2017/02/unpatched-0day-jquery-mobile-xss.html
      

      So it's time to update again the Javascript embedded libs. I'll check what I have been done with OFBIZ-9269 before...

      Attachments

        1. OFBIZ-10678.patch
          827 kB
          Aditya Sharma
        2. OFBIZ-10678.patch
          889 kB
          Aditya Sharma
        3. OFBIZ-10678.patch
          634 kB
          Aditya Sharma
        4. OFBIZ-10678_plugins.patch
          3.73 MB
          Aditya Sharma

        Issue Links

          Activity

            People

              adityasharma Aditya Sharma
              jleroux Jacques Le Roux
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: