[SERVER-41266] Security issues due to the use of old jQuery libraries. Created: 22/May/19  Updated: 24/May/19  Resolved: 22/May/19

Status: Closed
Project: Core Server
Component/s: JavaScript
Affects Version/s: 4.0.9
Fix Version/s: None

Type: Question Priority: Critical - P2
Reporter: anil barfa Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
Participants:

 Description   

We recently conducted a scan of the latest mongoDB community edition with Black Duck and found that there are security vulnerabilities due to the use of jQuery version 1.10.3. Could please let us know why is mongo using an older version of jQuery ?



 Comments   
Comment by Danny Hatcher (Inactive) [ 24/May/19 ]

From our Security team: jQuery is vendored as a component of a Go test library. This library is not included in any released binaries, and we do not considered it to represent an operational risk to users of MongoDB.

Comment by Danny Hatcher (Inactive) [ 22/May/19 ]

Closing this as a duplicate of SECURITY-577.

Generated at Thu Feb 08 04:57:16 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.