
Fortify SCA: Code Injection.

Open Raolibec opened this issue 7 years ago • 7 comments

Please review Instructions for Reporting a Bug.

Description:

I have no idea whether it has been fixed in later versions, but the code scan does not pass.

Expected Behavior:

Actual behavior:

Source: jquery.form.js:812 Read xhr.responseXML()

```
810 var ct = xhr.getResponseHeader('content-type') || '',
811     xml = type === 'xml' || !type && ct.indexOf('xml') >= 0,
812     data = xml ? xhr.responseXML : xhr.responseText;
813
814 if (xml && data.documentElement.nodeName === 'parsererror') {
```

Sink: jquery.form.js:781 setTimeout()

```
779
780 // clean up
781 setTimeout(function() {
782     if (!s.iframeTarget) {
783         $io.remove();
```

Versions:

jqform:3.51

Raolibec avatar Aug 03 '18 13:08 Raolibec

The latest release (version: 4.2.2) still has this issue being reported by Fortify... anyone make any progress?

roderickforsythe avatar Mar 05 '19 18:03 roderickforsythe

I'm not sure what code scan you're referring to. Can you provide more information on the vulnerability? Even better, please open a pull request with the necessary code changes.

kevindb avatar Mar 17 '19 03:03 kevindb

I tried to get some more information about the code scan report.

Here is the issue found by Fortify:

jquery.form.js, line 781 (Dynamic Code Evaluation: Code Injection)
Fortify Priority: Critical
Folder: Critical
Kingdom: Input Validation and Representation
Abstract: jquery.form.js 781

Source: jquery.form.js:812 Read xhr.responseXML()

```
810 var ct = xhr.getResponseHeader('content-type') || '',
811     xml = type === 'xml' || !type && ct.indexOf('xml') >= 0,
812     data = xml ? xhr.responseXML : xhr.responseText;
813
814 if (xml && data.documentElement.nodeName === 'parsererror') {
```

Sink: jquery.form.js:781 setTimeout()

```
779
780 // clean up
781 setTimeout(function() {
782     if (!s.iframeTarget) {
783         $io.remove();
```

kindeditor.js, line 172 (Dynamic Code Evaluation: Code Injection)

Raolibec avatar Mar 21 '19 07:03 Raolibec
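In browsers, `setTimeout` compiles its first argument as code only when that argument is a string; the sink line quoted in the report above passes a function literal. The following is an added example, not code from jquery.form.js or from anyone in this thread: a guard that makes timers refuse string callbacks, exercised on a stand-in object. The names `guardTimers`, `fakeWindow` and `demo` and the sample response text are assumptions made for illustration.

```javascript
// Added example. guardTimers, fakeWindow and demo are hypothetical names.

// Wrap setTimeout/setInterval on `target` so a non-function callback is
// rejected instead of being compiled as code. Returns a restore function.
function guardTimers(target, onViolation) {
  const originals = {};
  for (const name of ['setTimeout', 'setInterval']) {
    const native = target[name];
    if (typeof native !== 'function') continue;
    originals[name] = native;
    target[name] = function (callback, ...rest) {
      if (typeof callback !== 'function') {
        const report = {
          api: name,
          type: typeof callback,
          preview: String(callback).slice(0, 80),
        };
        if (onViolation) onViolation(report);
        throw new TypeError(name + ' called with a non-function callback');
      }
      return native.call(target, callback, ...rest);
    };
  }
  return function restore() {
    for (const name of Object.keys(originals)) target[name] = originals[name];
  };
}

// Constructed demonstration against a stand-in object, so it runs offline.
function demo() {
  const calls = [];
  const violations = [];
  const fakeWindow = {
    setTimeout(cb, ms) { calls.push({ cb, ms }); return calls.length; },
  };
  const restore = guardTimers(fakeWindow, (v) => violations.push(v));

  // Same shape as the sink in the report: a function literal is scheduled.
  const id = fakeWindow.setTimeout(function () { /* clean up */ }, 100);

  // Constructed response text reaching a timer as a string is refused.
  const responseText = 'doSomething()'; // constructed sample, not from the page
  let rejected = false;
  try { fakeWindow.setTimeout(responseText, 0); } catch (e) { rejected = e instanceof TypeError; }

  restore();
  return { id, scheduled: calls.length, rejected, violations };
}
```

In a page, the same wrapper can be applied to `window` before other scripts load, with `onViolation` forwarding the report to whatever logging the application already uses.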

This sounds the same as #464

asheppard-gresham avatar May 05 '20 14:05 asheppard-gresham

Would you please open a pull request to make the needed changes and update/create relevant tests?

kevindb avatar Jun 07 '20 03:06 kevindb

Bug Bounty

We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/

We will submit a pull request directly to your repository with the fix as soon as possible. Want to learn more? Go to https://github.com/418sec/huntr 📚

Automatically generated by @huntr-helper...

huntr-helper avatar Jul 30 '20 09:07 huntr-helper

Seems same as https://github.com/jquery-form/form/issues/580

Official report: https://app.snyk.io/vuln/SNYK-JS-JQUERYFORM-574783

imade avatar Jul 30 '20 11:07 imade