[SERVER-41266] Security issues due to the use of old jQuery libraries. Created: 22/May/19 Updated: 24/May/19 Resolved: 22/May/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | JavaScript |
| Affects Version/s: | 4.0.9 |
| Fix Version/s: | None |
| Type: | Question | Priority: | Critical - P2 |
| Reporter: | anil barfa | Assignee: | Unassigned |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Participants: | |||||
| Description |
|
We recently conducted a scan of the latest mongoDB community edition with Black Duck and found that there are security vulnerabilities due to the use of jQuery version 1.10.3. Could please let us know why is mongo using an older version of jQuery ? |
| Comments |
| Comment by Danny Hatcher (Inactive) [ 24/May/19 ] |
|
From our Security team: jQuery is vendored as a component of a Go test library. This library is not included in any released binaries, and we do not considered it to represent an operational risk to users of MongoDB. |
| Comment by Danny Hatcher (Inactive) [ 22/May/19 ] |
|
Closing this as a duplicate of SECURITY-577. |