jquery-ui package is vulnerable to Prototype Pollution - widget function #2322

Open
knalepa opened this issue Dec 27, 2024 · 0 comments

knalepa commented Dec 27, 2024

Hello,

My team encountered an issue when Fortify Scanner runs the scan for one of our projects.

The description of the issue is below:

The jquery-ui package is vulnerable to Prototype Pollution. The $.widget() function in widget.js does not properly check if the name parameter contains a risky JavaScript accessor such as __proto__ or constructor when creating a new widget. An attacker can exploit this vulnerability by providing a crafted name to override the original JavaScript prototype and therefore values of objects used by the application. This may result in arbitrary code execution, data corruption, or application crashes.

Component Name: jquery-ui
Component Version: 1.14.1

I didn't find anything related to that.

Would you mind taking a look at that?

Thank you.
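The report above describes a registration function that takes a "namespace.name" string and creates properties from it without rejecting accessor names such as `__proto__` or `constructor`. The following is an added example, not jQuery UI's code and not a confirmation of the scanner finding: it uses a hypothetical `createRegistry`/`isSafeWidgetName` pair to show the name check the report says is missing, stores namespaces in null-prototype objects so a lookup can never reach `Object.prototype`, and includes a small `prototypeIsClean` probe a team can run to detect whether `Object.prototype` has picked up unexpected keys.

```javascript
// Added example (hypothetical registry, not jQuery UI's $.widget).
// Demonstrates the defensive name check and a prototype-pollution probe.

// Accessor names that must never be used as a namespace or widget name.
const RISKY_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Accept only "namespace.name" where both parts are plain identifiers
// and neither part is a risky accessor.
function isSafeWidgetName(fullName) {
  if (typeof fullName !== "string") return false;
  const parts = fullName.split(".");
  if (parts.length !== 2) return false;
  return parts.every(
    (part) => /^[A-Za-z_][A-Za-z0-9_]*$/.test(part) && !RISKY_KEYS.has(part)
  );
}

// Hypothetical registry. Namespaces and widget tables are created with a null
// prototype, so even an unexpected key like "__proto__" would become an own
// property of that table instead of rewiring Object.prototype.
function createRegistry() {
  const namespaces = Object.create(null);
  return {
    register(fullName, widgetProto) {
      if (!isSafeWidgetName(fullName)) {
        throw new TypeError(`Rejected widget name: ${String(fullName)}`);
      }
      const [ns, name] = fullName.split(".");
      if (!namespaces[ns]) namespaces[ns] = Object.create(null);
      // Copy the supplied prototype onto a null-prototype object.
      namespaces[ns][name] = Object.assign(Object.create(null), widgetProto);
      return namespaces[ns][name];
    },
    lookup(fullName) {
      const [ns, name] = String(fullName).split(".");
      const space = namespaces[ns];
      return space ? space[name] : undefined;
    },
  };
}

// Detection probe: returns true when none of the given keys has been added
// as an own property of Object.prototype (pollution would show up here).
function prototypeIsClean(unexpectedKeys) {
  return unexpectedKeys.every(
    (key) => !Object.prototype.hasOwnProperty.call(Object.prototype, key)
  );
}

// Usage: a normal registration succeeds, a risky name is refused,
// and the probe confirms the global prototype was untouched.
const registry = createRegistry();
registry.register("ui.dialog", { open() { return "opened"; } });
console.log(registry.lookup("ui.dialog").open()); // opened
try {
  registry.register("__proto__.polluted", { hit: true });
} catch (err) {
  console.log(err.message); // Rejected widget name: __proto__.polluted
}
console.log(prototypeIsClean(["polluted", "hit"])); // true
```

The regular-expression allow-list is deliberately stricter than a deny-list of three names: it also excludes names containing dots or brackets that could be interpreted as property paths elsewhere in an application. The null-prototype tables are the second layer, so that even if validation were bypassed no assignment made through the registry could reach `Object.prototype`.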
