View Code? Open in Web Editor
NEW
This project forked from prashantchhabra89 /alternate-power-source-property-mapper
A web application that puts the power into people's hands for finding sites for sustainable electricity generation.
Home Page: http://power-planner.appspot.com/
License: Apache License 2.0
Java 31.09%
Python 5.14%
JavaScript 44.72%
CSS 7.87%
HTML 11.18%
alternate-power-source-property-mapper's People
alternate-power-source-property-mapper's Issues
WS-2017-0195 - Medium Severity Vulnerability
Vulnerable Library - jquery-1.11.1.min.js
JavaScript library for DOM operations
path: /Alternate-Power-Source-Property-Mapper/PowerPlanner/war/Scripts/jquery-1.11.1.min.js
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js
Dependency Hierarchy:
โ jquery-1.11.1.min.js (Vulnerable Library)
Vulnerability Details
In v2.2.4 and previous, a lowercasing logic was used on the attribute names and was removed in v3.0.0.
Because of this, boolean attributes whose names were not all lowercase cause infinite recursion, and will exceed the stack call limit.
Publish Date: 2017-04-15
URL: WS-2017-0195
CVSS 2 Score Details (5.3 )
Base Score Metrics not available
Suggested Fix
Type: Change files
Origin: jquery/jquery@d12e13d
Release Date: 2016-05-29
Fix Resolution: Replace or update the following files: attr.js, attributes.js
Step up your Open Source Security Game with WhiteSource here
CVE-2015-9251 - Medium Severity Vulnerability
Vulnerable Library - jquery-1.11.1.min.js
JavaScript library for DOM operations
path: /Alternate-Power-Source-Property-Mapper/PowerPlanner/war/Scripts/jquery-1.11.1.min.js
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js
Dependency Hierarchy:
โ jquery-1.11.1.min.js (Vulnerable Library)
Vulnerability Details
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
CVSS 3 Score Details (6.1 )
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Impact Metrics:
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None
For more information on CVSS3 Scores, click here .
Suggested Fix
Type: Change files
Origin: jquery/jquery@b078a62 #diff-bee4304906ea68bebadfc11be4368419
Release Date: 2015-10-12
Fix Resolution: Replace or update the following files: script.js, ajax.js, ajax.js
Step up your Open Source Security Game with WhiteSource here