jquery.dataTables-1.10.3.js: 1 vulnerabilities (highest severity is: 6.5) #151
Labels
false positive
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
Mend: dependency security vulnerability
|
ℹ️ This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
DataTables enhances HTML tables with the ability to sort, filter and page the data in the table very easily. It provides a comprehensive API and set of configuration options, allowing you to consume data from virtually any data source.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/datatables/1.10.3/js/jquery.dataTables.js
Path to dependency file: /packrat/lib/x86_64-pc-linux-gnu/3.4.4/knitr/misc/datatables.html
Path to vulnerable library: /packrat/lib/x86_64-pc-linux-gnu/3.4.4/knitr/misc/datatables.html,/packrat/lib/x86_64-pc-linux-gnu/3.4.4/knitr/doc/datatables.html
Found in HEAD commit: 69275d158207eeca03a6672b57909ee2a4bc0672
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - jquery.dataTables-1.10.3.js
DataTables enhances HTML tables with the ability to sort, filter and page the data in the table very easily. It provides a comprehensive API and set of configuration options, allowing you to consume data from virtually any data source.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/datatables/1.10.3/js/jquery.dataTables.js
Path to dependency file: /packrat/lib/x86_64-pc-linux-gnu/3.4.4/knitr/misc/datatables.html
Path to vulnerable library: /packrat/lib/x86_64-pc-linux-gnu/3.4.4/knitr/misc/datatables.html,/packrat/lib/x86_64-pc-linux-gnu/3.4.4/knitr/doc/datatables.html
Dependency Hierarchy:
Found in HEAD commit: 69275d158207eeca03a6672b57909ee2a4bc0672
Found in base branch: master
Vulnerability Details
Affected versions of the package are vulnerable to Cross-site Scripting (XSS).
Publish Date: 2015-11-06
URL: WS-2017-0234
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2015-11-06
Fix Resolution: datatables - 1.10.10;org.webjars:datatables:1.10.10
The text was updated successfully, but these errors were encountered: