• Registered: 2018-12-11
  • Posts: 1

Topic: JQuery version has known security vulnerability

I was checking a page with a gallery in it with Lighthouse and it comes up with an error:
"Includes front-end JavaScript libraries with known security vulnerabilities"

Library Version   Vulnerability Count   Highest Severity
jQuery@1.7.0                1                     Medium

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Googles Advice:  “Stop using each of the libraries that Lighthouse flags. If the library has released a newer version that fixes the vulnerability, upgrade to that version, or consider using a different library.”

It appears that you have JQuery built into the JS file.  Is there a way to fix this issue?  Google surely doesn't want to serve sites with security issues.

Thanks.

  • Registered: 2012-04-24
  • Posts: 5,904

Re: JQuery version has known security vulnerability

There is, indeed, a stripped-down version of jQuery v1.7.0 included within the 'juicebox.js' file.
However, it is not possible for a user to manually remove or replace this version of jQuery.
I have notified the developers of your post and I'm sure they will investigate further.
Thank you for the report.