Angular version dispalyed in vendor.js
A security audit was conducted for the UI that was developed. In the audit, the following is mentioned
" The assessed application was discovered to be running non-current third-party JavaScript libraries with known XSS vulnerabilities.
It was possible to identify Angularjs version 1.5.0 on the web application, which is known to contain vulnerabilities. The version was identified from the following HTTP response: (Screenshot attached below) The references section provides more information on the specific attacks, however the version presented can provide a Cross Site Scripting or Content Security Policy bypass route."
]1
When I checked in the application it comes int vendor..js. This is generated as part of grunt build. We don't have control to this file. Can someone help me how to resolve the issue
Regards
Viji
html angularjs gruntjs xss cross-site
|
show 1 more comment
A security audit was conducted for the UI that was developed. In the audit, the following is mentioned
" The assessed application was discovered to be running non-current third-party JavaScript libraries with known XSS vulnerabilities.
It was possible to identify Angularjs version 1.5.0 on the web application, which is known to contain vulnerabilities. The version was identified from the following HTTP response: (Screenshot attached below) The references section provides more information on the specific attacks, however the version presented can provide a Cross Site Scripting or Content Security Policy bypass route."
]1
When I checked in the application it comes int vendor..js. This is generated as part of grunt build. We don't have control to this file. Can someone help me how to resolve the issue
Regards
Viji
html angularjs gruntjs xss cross-site
use a different version or download it, host it locally and edit it there.
– LW001
Nov 22 '18 at 9:38
Sorry i could not understand. Different version of angular ?
– vijaya lakshmi
Nov 22 '18 at 9:49
Hi @LW001 Please can you explain. Sorry i have very less time to complete this.
– vijaya lakshmi
Nov 23 '18 at 1:00
If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.
– Claies
Nov 23 '18 at 3:01
Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.
– vijaya lakshmi
Nov 23 '18 at 5:09
|
show 1 more comment
A security audit was conducted for the UI that was developed. In the audit, the following is mentioned
" The assessed application was discovered to be running non-current third-party JavaScript libraries with known XSS vulnerabilities.
It was possible to identify Angularjs version 1.5.0 on the web application, which is known to contain vulnerabilities. The version was identified from the following HTTP response: (Screenshot attached below) The references section provides more information on the specific attacks, however the version presented can provide a Cross Site Scripting or Content Security Policy bypass route."
]1
When I checked in the application it comes int vendor..js. This is generated as part of grunt build. We don't have control to this file. Can someone help me how to resolve the issue
Regards
Viji
html angularjs gruntjs xss cross-site
A security audit was conducted for the UI that was developed. In the audit, the following is mentioned
" The assessed application was discovered to be running non-current third-party JavaScript libraries with known XSS vulnerabilities.
It was possible to identify Angularjs version 1.5.0 on the web application, which is known to contain vulnerabilities. The version was identified from the following HTTP response: (Screenshot attached below) The references section provides more information on the specific attacks, however the version presented can provide a Cross Site Scripting or Content Security Policy bypass route."
]1
When I checked in the application it comes int vendor..js. This is generated as part of grunt build. We don't have control to this file. Can someone help me how to resolve the issue
Regards
Viji
html angularjs gruntjs xss cross-site
html angularjs gruntjs xss cross-site
edited Nov 23 '18 at 1:32
vijaya lakshmi
asked Nov 22 '18 at 9:27
vijaya lakshmivijaya lakshmi
359
359
use a different version or download it, host it locally and edit it there.
– LW001
Nov 22 '18 at 9:38
Sorry i could not understand. Different version of angular ?
– vijaya lakshmi
Nov 22 '18 at 9:49
Hi @LW001 Please can you explain. Sorry i have very less time to complete this.
– vijaya lakshmi
Nov 23 '18 at 1:00
If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.
– Claies
Nov 23 '18 at 3:01
Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.
– vijaya lakshmi
Nov 23 '18 at 5:09
|
show 1 more comment
use a different version or download it, host it locally and edit it there.
– LW001
Nov 22 '18 at 9:38
Sorry i could not understand. Different version of angular ?
– vijaya lakshmi
Nov 22 '18 at 9:49
Hi @LW001 Please can you explain. Sorry i have very less time to complete this.
– vijaya lakshmi
Nov 23 '18 at 1:00
If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.
– Claies
Nov 23 '18 at 3:01
Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.
– vijaya lakshmi
Nov 23 '18 at 5:09
use a different version or download it, host it locally and edit it there.
– LW001
Nov 22 '18 at 9:38
use a different version or download it, host it locally and edit it there.
– LW001
Nov 22 '18 at 9:38
Sorry i could not understand. Different version of angular ?
– vijaya lakshmi
Nov 22 '18 at 9:49
Sorry i could not understand. Different version of angular ?
– vijaya lakshmi
Nov 22 '18 at 9:49
Hi @LW001 Please can you explain. Sorry i have very less time to complete this.
– vijaya lakshmi
Nov 23 '18 at 1:00
Hi @LW001 Please can you explain. Sorry i have very less time to complete this.
– vijaya lakshmi
Nov 23 '18 at 1:00
If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.
– Claies
Nov 23 '18 at 3:01
If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.
– Claies
Nov 23 '18 at 3:01
Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.
– vijaya lakshmi
Nov 23 '18 at 5:09
Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.
– vijaya lakshmi
Nov 23 '18 at 5:09
|
show 1 more comment
1 Answer
1
active
oldest
votes
The issue reported was different. The issue about the vulnerable versions.
Referred this link for my better understanding.
https://snyk.io/vuln/npm:angular
Regards
Viji
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53427652%2fangular-version-dispalyed-in-vendor-js%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The issue reported was different. The issue about the vulnerable versions.
Referred this link for my better understanding.
https://snyk.io/vuln/npm:angular
Regards
Viji
add a comment |
The issue reported was different. The issue about the vulnerable versions.
Referred this link for my better understanding.
https://snyk.io/vuln/npm:angular
Regards
Viji
add a comment |
The issue reported was different. The issue about the vulnerable versions.
Referred this link for my better understanding.
https://snyk.io/vuln/npm:angular
Regards
Viji
The issue reported was different. The issue about the vulnerable versions.
Referred this link for my better understanding.
https://snyk.io/vuln/npm:angular
Regards
Viji
answered Nov 26 '18 at 11:18
vijaya lakshmivijaya lakshmi
359
359
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53427652%2fangular-version-dispalyed-in-vendor-js%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
use a different version or download it, host it locally and edit it there.
– LW001
Nov 22 '18 at 9:38
Sorry i could not understand. Different version of angular ?
– vijaya lakshmi
Nov 22 '18 at 9:49
Hi @LW001 Please can you explain. Sorry i have very less time to complete this.
– vijaya lakshmi
Nov 23 '18 at 1:00
If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.
– Claies
Nov 23 '18 at 3:01
Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.
– vijaya lakshmi
Nov 23 '18 at 5:09