WordPress.org

Make WordPress Core

Opened 21 months ago

Closed 21 months ago

Last modified 16 months ago

#43694 closed defect (bug) (duplicate)

Chrome Lighthouse Audit - jQuery Vulnerabilities

Reported by: joellisenby Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.9.5
Component: External Libraries Keywords:
Focuses: Cc:
PR Number:

Description

https://i.imgur.com/IhSOQBb.png

As you can see, with Google Chrome 65.0.3325.181 when running a Lighthouse (https://github.com/GoogleChrome/lighthouse) 2.8.0 audit, there is a new test which claims there is a vulnerability in the version of jQuery (jQuery@1.12.4) included with WordPress.

Includes front-end JavaScript libraries with known security vulnerabilities.

Some third-party scripts may contain known security vulnerabilities  that are easily identified and exploited by attackers.

https://snyk.io/vuln/npm:jquery?lh@1.12.4

Is this something to be concerned about and are there any plans to update the version of jQuery included with WordPress to one without the linked vulnerabilities?

Change History (2)

#1 @adamsilverstein
21 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi @joellisenby thanks for the report. This is a concern, and we are already tracking this issue in #37110.

This ticket was mentioned in Slack in #forums by jcastaneda. View the logs.


16 months ago

Note: See TracTickets for help on using tickets.