Security: XSS and prototype pollution from legacy jQuery #362

@hedsnz

Description

The following XSS and prototype pollution vulnerabilities are present in the legacy version of jQuery included in pander (v1.7.2):

It appears that jquery.min.js is required for slimbox2.js which is called in custom.js. All three are included in inst/includes/html/header.html.

Is it possible to update jQuery to 3.6.x? I'm happy to submit a PR for this, let me know.
