Angular version dispalyed in vendor.js












0















A security audit was conducted for the UI that was developed. In the audit, the following is mentioned



" The assessed application was discovered to be running non-current third-party JavaScript libraries with known XSS vulnerabilities.



It was possible to identify Angularjs version 1.5.0 on the web application, which is known to contain vulnerabilities. The version was identified from the following HTTP response: (Screenshot attached below) The references section provides more information on the specific attacks, however the version presented can provide a Cross Site Scripting or Content Security Policy bypass route."



![The following is the screen shot]1



When I checked in the application it comes int vendor..js. This is generated as part of grunt build. We don't have control to this file. Can someone help me how to resolve the issue



Regards



Viji










share|improve this question

























  • use a different version or download it, host it locally and edit it there.

    – LW001
    Nov 22 '18 at 9:38











  • Sorry i could not understand. Different version of angular ?

    – vijaya lakshmi
    Nov 22 '18 at 9:49











  • Hi @LW001 Please can you explain. Sorry i have very less time to complete this.

    – vijaya lakshmi
    Nov 23 '18 at 1:00











  • If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.

    – Claies
    Nov 23 '18 at 3:01













  • Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.

    – vijaya lakshmi
    Nov 23 '18 at 5:09


















0















A security audit was conducted for the UI that was developed. In the audit, the following is mentioned



" The assessed application was discovered to be running non-current third-party JavaScript libraries with known XSS vulnerabilities.



It was possible to identify Angularjs version 1.5.0 on the web application, which is known to contain vulnerabilities. The version was identified from the following HTTP response: (Screenshot attached below) The references section provides more information on the specific attacks, however the version presented can provide a Cross Site Scripting or Content Security Policy bypass route."



![The following is the screen shot]1



When I checked in the application it comes int vendor..js. This is generated as part of grunt build. We don't have control to this file. Can someone help me how to resolve the issue



Regards



Viji










share|improve this question

























  • use a different version or download it, host it locally and edit it there.

    – LW001
    Nov 22 '18 at 9:38











  • Sorry i could not understand. Different version of angular ?

    – vijaya lakshmi
    Nov 22 '18 at 9:49











  • Hi @LW001 Please can you explain. Sorry i have very less time to complete this.

    – vijaya lakshmi
    Nov 23 '18 at 1:00











  • If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.

    – Claies
    Nov 23 '18 at 3:01













  • Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.

    – vijaya lakshmi
    Nov 23 '18 at 5:09
















0












0








0








A security audit was conducted for the UI that was developed. In the audit, the following is mentioned



" The assessed application was discovered to be running non-current third-party JavaScript libraries with known XSS vulnerabilities.



It was possible to identify Angularjs version 1.5.0 on the web application, which is known to contain vulnerabilities. The version was identified from the following HTTP response: (Screenshot attached below) The references section provides more information on the specific attacks, however the version presented can provide a Cross Site Scripting or Content Security Policy bypass route."



![The following is the screen shot]1



When I checked in the application it comes int vendor..js. This is generated as part of grunt build. We don't have control to this file. Can someone help me how to resolve the issue



Regards



Viji










share|improve this question
















A security audit was conducted for the UI that was developed. In the audit, the following is mentioned



" The assessed application was discovered to be running non-current third-party JavaScript libraries with known XSS vulnerabilities.



It was possible to identify Angularjs version 1.5.0 on the web application, which is known to contain vulnerabilities. The version was identified from the following HTTP response: (Screenshot attached below) The references section provides more information on the specific attacks, however the version presented can provide a Cross Site Scripting or Content Security Policy bypass route."



![The following is the screen shot]1



When I checked in the application it comes int vendor..js. This is generated as part of grunt build. We don't have control to this file. Can someone help me how to resolve the issue



Regards



Viji







html angularjs gruntjs xss cross-site






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 23 '18 at 1:32







vijaya lakshmi

















asked Nov 22 '18 at 9:27









vijaya lakshmivijaya lakshmi

359




359













  • use a different version or download it, host it locally and edit it there.

    – LW001
    Nov 22 '18 at 9:38











  • Sorry i could not understand. Different version of angular ?

    – vijaya lakshmi
    Nov 22 '18 at 9:49











  • Hi @LW001 Please can you explain. Sorry i have very less time to complete this.

    – vijaya lakshmi
    Nov 23 '18 at 1:00











  • If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.

    – Claies
    Nov 23 '18 at 3:01













  • Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.

    – vijaya lakshmi
    Nov 23 '18 at 5:09





















  • use a different version or download it, host it locally and edit it there.

    – LW001
    Nov 22 '18 at 9:38











  • Sorry i could not understand. Different version of angular ?

    – vijaya lakshmi
    Nov 22 '18 at 9:49











  • Hi @LW001 Please can you explain. Sorry i have very less time to complete this.

    – vijaya lakshmi
    Nov 23 '18 at 1:00











  • If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.

    – Claies
    Nov 23 '18 at 3:01













  • Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.

    – vijaya lakshmi
    Nov 23 '18 at 5:09



















use a different version or download it, host it locally and edit it there.

– LW001
Nov 22 '18 at 9:38





use a different version or download it, host it locally and edit it there.

– LW001
Nov 22 '18 at 9:38













Sorry i could not understand. Different version of angular ?

– vijaya lakshmi
Nov 22 '18 at 9:49





Sorry i could not understand. Different version of angular ?

– vijaya lakshmi
Nov 22 '18 at 9:49













Hi @LW001 Please can you explain. Sorry i have very less time to complete this.

– vijaya lakshmi
Nov 23 '18 at 1:00





Hi @LW001 Please can you explain. Sorry i have very less time to complete this.

– vijaya lakshmi
Nov 23 '18 at 1:00













If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.

– Claies
Nov 23 '18 at 3:01







If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.

– Claies
Nov 23 '18 at 3:01















Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.

– vijaya lakshmi
Nov 23 '18 at 5:09







Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.

– vijaya lakshmi
Nov 23 '18 at 5:09














1 Answer
1






active

oldest

votes


















0














The issue reported was different. The issue about the vulnerable versions.
Referred this link for my better understanding.



https://snyk.io/vuln/npm:angular



Regards
Viji






share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53427652%2fangular-version-dispalyed-in-vendor-js%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    The issue reported was different. The issue about the vulnerable versions.
    Referred this link for my better understanding.



    https://snyk.io/vuln/npm:angular



    Regards
    Viji






    share|improve this answer




























      0














      The issue reported was different. The issue about the vulnerable versions.
      Referred this link for my better understanding.



      https://snyk.io/vuln/npm:angular



      Regards
      Viji






      share|improve this answer


























        0












        0








        0







        The issue reported was different. The issue about the vulnerable versions.
        Referred this link for my better understanding.



        https://snyk.io/vuln/npm:angular



        Regards
        Viji






        share|improve this answer













        The issue reported was different. The issue about the vulnerable versions.
        Referred this link for my better understanding.



        https://snyk.io/vuln/npm:angular



        Regards
        Viji







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 26 '18 at 11:18









        vijaya lakshmivijaya lakshmi

        359




        359






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53427652%2fangular-version-dispalyed-in-vendor-js%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Wiesbaden

            Marschland

            Dieringhausen