Angular version dispalyed in vendor.js












0















A security audit was conducted for the UI that was developed. In the audit, the following is mentioned



" The assessed application was discovered to be running non-current third-party JavaScript libraries with known XSS vulnerabilities.



It was possible to identify Angularjs version 1.5.0 on the web application, which is known to contain vulnerabilities. The version was identified from the following HTTP response: (Screenshot attached below) The references section provides more information on the specific attacks, however the version presented can provide a Cross Site Scripting or Content Security Policy bypass route."



![The following is the screen shot]1



When I checked in the application it comes int vendor..js. This is generated as part of grunt build. We don't have control to this file. Can someone help me how to resolve the issue



Regards



Viji






html angularjs gruntjs xss cross-site







share|improve this question

























  • use a different version or download it, host it locally and edit it there.

    – LW001
    Nov 22 '18 at 9:38











  • Sorry i could not understand. Different version of angular ?

    – vijaya lakshmi
    Nov 22 '18 at 9:49











  • Hi @LW001 Please can you explain. Sorry i have very less time to complete this.

    – vijaya lakshmi
    Nov 23 '18 at 1:00











  • If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.

    – Claies
    Nov 23 '18 at 3:01













  • Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.

    – vijaya lakshmi
    Nov 23 '18 at 5:09


















0















A security audit was conducted for the UI that was developed. In the audit, the following is mentioned



" The assessed application was discovered to be running non-current third-party JavaScript libraries with known XSS vulnerabilities.



It was possible to identify Angularjs version 1.5.0 on the web application, which is known to contain vulnerabilities. The version was identified from the following HTTP response: (Screenshot attached below) The references section provides more information on the specific attacks, however the version presented can provide a Cross Site Scripting or Content Security Policy bypass route."



![The following is the screen shot]1



When I checked in the application it comes int vendor..js. This is generated as part of grunt build. We don't have control to this file. Can someone help me how to resolve the issue



Regards



Viji






html angularjs gruntjs xss cross-site







share|improve this question

























  • use a different version or download it, host it locally and edit it there.

    – LW001
    Nov 22 '18 at 9:38











  • Sorry i could not understand. Different version of angular ?

    – vijaya lakshmi
    Nov 22 '18 at 9:49











  • Hi @LW001 Please can you explain. Sorry i have very less time to complete this.

    – vijaya lakshmi
    Nov 23 '18 at 1:00











  • If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.

    – Claies
    Nov 23 '18 at 3:01













  • Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.

    – vijaya lakshmi
    Nov 23 '18 at 5:09
















0












0








0








A security audit was conducted for the UI that was developed. In the audit, the following is mentioned



" The assessed application was discovered to be running non-current third-party JavaScript libraries with known XSS vulnerabilities.



It was possible to identify Angularjs version 1.5.0 on the web application, which is known to contain vulnerabilities. The version was identified from the following HTTP response: (Screenshot attached below) The references section provides more information on the specific attacks, however the version presented can provide a Cross Site Scripting or Content Security Policy bypass route."



![The following is the screen shot]1



When I checked in the application it comes int vendor..js. This is generated as part of grunt build. We don't have control to this file. Can someone help me how to resolve the issue



Regards



Viji






html angularjs gruntjs xss cross-site







share|improve this question
















A security audit was conducted for the UI that was developed. In the audit, the following is mentioned



" The assessed application was discovered to be running non-current third-party JavaScript libraries with known XSS vulnerabilities.



It was possible to identify Angularjs version 1.5.0 on the web application, which is known to contain vulnerabilities. The version was identified from the following HTTP response: (Screenshot attached below) The references section provides more information on the specific attacks, however the version presented can provide a Cross Site Scripting or Content Security Policy bypass route."



![The following is the screen shot]1



When I checked in the application it comes int vendor..js. This is generated as part of grunt build. We don't have control to this file. Can someone help me how to resolve the issue



Regards



Viji






html angularjs gruntjs xss cross-site




html angularjs gruntjs xss cross-site






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 23 '18 at 1:32







vijaya lakshmi

















asked Nov 22 '18 at 9:27









vijaya lakshmivijaya lakshmi

359




359













  • use a different version or download it, host it locally and edit it there.

    – LW001
    Nov 22 '18 at 9:38











  • Sorry i could not understand. Different version of angular ?

    – vijaya lakshmi
    Nov 22 '18 at 9:49











  • Hi @LW001 Please can you explain. Sorry i have very less time to complete this.

    – vijaya lakshmi
    Nov 23 '18 at 1:00











  • If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.

    – Claies
    Nov 23 '18 at 3:01













  • Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.

    – vijaya lakshmi
    Nov 23 '18 at 5:09





















  • use a different version or download it, host it locally and edit it there.

    – LW001
    Nov 22 '18 at 9:38











  • Sorry i could not understand. Different version of angular ?

    – vijaya lakshmi
    Nov 22 '18 at 9:49











  • Hi @LW001 Please can you explain. Sorry i have very less time to complete this.

    – vijaya lakshmi
    Nov 23 '18 at 1:00











  • If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.

    – Claies
    Nov 23 '18 at 3:01













  • Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.

    – vijaya lakshmi
    Nov 23 '18 at 5:09



















use a different version or download it, host it locally and edit it there.

– LW001
Nov 22 '18 at 9:38





use a different version or download it, host it locally and edit it there.

– LW001
Nov 22 '18 at 9:38













Sorry i could not understand. Different version of angular ?

– vijaya lakshmi
Nov 22 '18 at 9:49





Sorry i could not understand. Different version of angular ?

– vijaya lakshmi
Nov 22 '18 at 9:49













Hi @LW001 Please can you explain. Sorry i have very less time to complete this.

– vijaya lakshmi
Nov 23 '18 at 1:00





Hi @LW001 Please can you explain. Sorry i have very less time to complete this.

– vijaya lakshmi
Nov 23 '18 at 1:00













If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.

– Claies
Nov 23 '18 at 3:01







If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.

– Claies
Nov 23 '18 at 3:01















Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.

– vijaya lakshmi
Nov 23 '18 at 5:09







Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.

– vijaya lakshmi
Nov 23 '18 at 5:09














1 Answer
1






active

oldest

votes


















0














The issue reported was different. The issue about the vulnerable versions.
Referred this link for my better understanding.



https://snyk.io/vuln/npm:angular



Regards
Viji






share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53427652%2fangular-version-dispalyed-in-vendor-js%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    The issue reported was different. The issue about the vulnerable versions.
    Referred this link for my better understanding.



    https://snyk.io/vuln/npm:angular



    Regards
    Viji






    share|improve this answer




























      0














      The issue reported was different. The issue about the vulnerable versions.
      Referred this link for my better understanding.



      https://snyk.io/vuln/npm:angular



      Regards
      Viji






      share|improve this answer


























        0












        0








        0







        The issue reported was different. The issue about the vulnerable versions.
        Referred this link for my better understanding.



        https://snyk.io/vuln/npm:angular



        Regards
        Viji






        share|improve this answer













        The issue reported was different. The issue about the vulnerable versions.
        Referred this link for my better understanding.



        https://snyk.io/vuln/npm:angular



        Regards
        Viji







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 26 '18 at 11:18









        vijaya lakshmivijaya lakshmi

        359




        359






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53427652%2fangular-version-dispalyed-in-vendor-js%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Wiesbaden

            Image
            Wappen Deutschlandkarte 50.0825 8.24 117 Koordinaten: 50° 5′  N , 8° 14′  O Basisdaten Bundesland: Hessen Regierungsbezirk: Darmstadt Höhe: 117 m ü. NHN Fläche: 203,93 km 2 Einwohner: 278.654 (31. Dez. 2017) [1] Bevölkerungsdichte: 1366 Einwohner je km 2 Postleitzahlen: 65183–65207, 55246, 55252 Vorlage:Infobox Gemeinde in Deutschland/Wartung/PLZ enthält Text Vorwahlen: 0611, 06122, 06127, 06134 Kfz-Kennzeichen: WI Gemeindeschlüssel: 06 4 14 000 LOCODE: DE WIB NUTS: DE714 Stadtgliederung: 26 Ortsbezirke Adresse der Stadtverwaltung: Schlossplatz 6 65183 Wiesbaden Webpräsenz: www.wiesbaden.de Oberbürgermeister: Sven Gerich (SPD) Lage der Landeshauptstadt Wiesbaden in Hessen und im Regierungsbezirk Darmstadt Offizielles Logo der Landeshauptstadt Wiesbaden Flagge der Landeshauptstadt Wiesbaden Wiesbaden is
            Read more

            Marschland

            Image
            Kilometerweite Marsch in den Vier- und Marschlanden am Elbdeich Die Wedeler Marschlandschaft in Schleswig-Holstein Der Hadelner Kanal zur Entwässerung der Marsch Die tief gelegene Marsch und ein Entwässerungskanal Das Schöpfwerk Otterndorf im Land Hadeln zur Entwässerung der Medem verfügte damals bereits über die größte Kreiselpumpe Europas. Das Schöpfwerk in Neuhaus für die Aue und des Neuhaus-Bülkauer Kanals Als Marsch(land) (v. niederdt., altsächs. mersc ) – auch Masch , Mersch oder Schwemmland genannt – bezeichnet man eine nacheiszeitlich entstandene geomorphologische Landform im Gebiet der nordwestdeutschen Küsten und Flüsse sowie vergleichbare Landformen weltweit. Inhaltsverzeichnis 1 Landschaft 2 Entstehung 3 Marschböden 4 Nutzung 5 Marschgebiete in Deutschland 6 Siehe auch 7 Literatur 8 Weblinks 9 Einzelnachweise Landschaft | Marschen sind generell flache Landstriche ohne natürliche Erhebungen. Si
            Read more

            Dieringhausen

            Image
            Dieringhausen Stadt Gummersbach 50.982777777778 7.5316666666667 165 Koordinaten: 50° 58′ 58″  N , 7° 31′ 54″  O Höhe: 165  (160–245)  m Einwohner: 5055  (30. Jun. 2016) Postleitzahl: 51645 Vorwahl: 02261 Lage von Dieringhausen in Gummersbach Im Hohl ca. 1927–1930 Ansicht von Südwesten bei Bünghausen Dieringhausen (im örtlichen Dialekt Dierkesen ) ist ein Ortsteil von Gummersbach im Oberbergischen Kreis, Regierungsbezirk Köln, Nordrhein-Westfalen (Deutschland). Inhaltsverzeichnis 1 Geographie 2 Geschichte 3 Kultur 3.1 Sehenswürdigkeiten 3.2 Regelmäßige Veranstaltungen 4 Infrastruktur und Wirtschaft 4.1 Verkehr 4.1.1 Schienen- und Busverkehr 4.1.2 Straßen 4.2 Öffentliche Einrichtungen 4.2.1 Schulen und Bildungseinrichtungen 4.2.2 Kirchliche Einrichtungen 5 Persönlichkeiten 5.1 In Dieringhausen geboren 5.2 In Dieringhausen gelebt 6 Einzelnachweise 7
            Read more