gbena

Results 4 comments of gbena

+1. This will provide a better way of managing the vulnerabilities.

It does contain jquery-migrate. I am just confused how retire detected that jquery-migrate in version 1.4.1 is vulnerable. There is no evidence about this version being vulnerable. And the output...

I did. The previous comment was run with -v. In the original issue it is without. Nevertheless, I just ran it again. Here is the output. (filenames are disguised): $ retire...

Sure. Here is output with and without -v.
Without -v:
$ retire --outputformat json
[{"file":"file1.js","results":[{"version":"1.12.4","component":"jquery","detection":"filecontent","vulnerabilities":[{"info":["https://github.com/jquery/jquery/issues/2432","http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/","http://research.insecurelabs.org/jquery/test/"],"severity":"medium","identifiers":{"issue":"2432","summary":"3rd party CORS request may execute","CVE":["CVE-2015-9251"]}},{"info":["https://bugs.jquery.com/ticket/11974","http://research.insecurelabs.org/jquery/test/"],"severity":"medium","identifiers":{"CVE":["CVE-2015-9251"],"issue":"11974","summary":"parseHTML() executes scripts in event handlers"}}]},{"version":"1.4.1","component":"jquery-migrate","detection":"filecontent"}]},{"file":"file2.js","results":[{"version":"1.12.4","component":"jquery","detection":"filecontent","vulnerabilities":[{"info":["https://github.com/jquery/jquery/issues/2432","http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/","http://research.insecurelabs.org/jquery/test/"],"severity":"medium","identifiers":{"issue":"2432","summary":"3rd party CORS request may execute","CVE":["CVE-2015-9251"]}},{"info":["https://bugs.jquery.com/ticket/11974","http://research.insecurelabs.org/jquery/test/"],"severity":"medium","identifiers":{"CVE":["CVE-2015-9251"],"issue":"11974","summary":"parseHTML()...