Describe the bug
widdershins is dependent on shins, and as part of the shins source, they are embedding jquery 3.2.1.
Unfortunately, jquery 3.2.1 has a known XSS vulnerability, and our vulnerability scans fail because of this inclusion with the message: "The identified library jquery, version 3.2.1 is vulnerable."
To Reproduce
Steps to reproduce the behavior:
View the generated widdershins HTML source. You will see the inline javascript.
Expected behavior
Using widdershins should pass vulnerability scans.
Side note: the shins GitHub repo has been archived - it might be worth looking to see if that package is no longer maintained.
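A build-time check for the condition reported above, as an added example that is not part of the original report or of the widdershins/shins code: it finds jQuery copies in generated HTML by the library's license banner or a versioned script filename and flags any below a minimum version. The function names, the sample HTML and the `3.5.0` threshold are assumptions, and it assumes the inlined copy keeps its banner comment.

```javascript
// Added example: locate jQuery copies in generated HTML and flag old versions.
// Constructed sample standing in for generated docs (not real widdershins output).
const SAMPLE_HTML = `<!DOCTYPE html>
<html><head>
<script src="vendor/jquery-3.6.0.min.js"></script>
<script>/*! jQuery v3.2.1 | (c) JS Foundation and other contributors | jquery.org/license */
!function(a,b){/* minified library body elided in this sample */}(window);</script>
</head><body><h1>API</h1></body></html>`;

// Two places a version shows up: the banner comment jQuery ships with
// (minified and unminified forms) and a versioned filename in a script src.
const PATTERNS = [
  { kind: "inline banner", re: /jQuery (?:JavaScript Library )?v(\d+\.\d+\.\d+)/g },
  { kind: "script src",
    re: /<script[^>]*\bsrc=["'][^"']*jquery[-.](\d+\.\d+\.\d+)(?:\.min|\.slim)*\.js/gi },
];

// Numeric comparison per component, so "3.10.0" sorts above "3.5.0".
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Returns one finding per detected copy, ordered by line in the HTML.
function auditJquery(html, minVersion) {
  const findings = [];
  for (const { kind, re } of PATTERNS) {
    for (const m of html.matchAll(re)) {
      findings.push({
        kind,
        version: m[1],
        line: html.slice(0, m.index).split("\n").length,
        outdated: compareVersions(m[1], minVersion) < 0,
      });
    }
  }
  return findings.sort((x, y) => x.line - y.line);
}

// Assumed policy value; take the real minimum from your scanner's advisory.
const MIN_VERSION = "3.5.0";
for (const f of auditJquery(SAMPLE_HTML, MIN_VERSION)) {
  console.log(`${f.outdated ? "FAIL" : "ok  "} jQuery ${f.version} (${f.kind}, line ${f.line})`);
}
```

To use it on real output, read the generated HTML file into a string and fail the build when any finding has `outdated` set.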