Angular version dispalyed in vendor.js












0















A security audit was conducted for the UI that was developed. In the audit, the following is mentioned



" The assessed application was discovered to be running non-current third-party JavaScript libraries with known XSS vulnerabilities.



It was possible to identify Angularjs version 1.5.0 on the web application, which is known to contain vulnerabilities. The version was identified from the following HTTP response: (Screenshot attached below) The references section provides more information on the specific attacks, however the version presented can provide a Cross Site Scripting or Content Security Policy bypass route."



![The following is the screen shot]1



When I checked in the application it comes int vendor..js. This is generated as part of grunt build. We don't have control to this file. Can someone help me how to resolve the issue



Regards



Viji






html angularjs gruntjs xss cross-site







share|improve this question

























  • use a different version or download it, host it locally and edit it there.

    – LW001
    Nov 22 '18 at 9:38











  • Sorry i could not understand. Different version of angular ?

    – vijaya lakshmi
    Nov 22 '18 at 9:49











  • Hi @LW001 Please can you explain. Sorry i have very less time to complete this.

    – vijaya lakshmi
    Nov 23 '18 at 1:00











  • If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.

    – Claies
    Nov 23 '18 at 3:01













  • Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.

    – vijaya lakshmi
    Nov 23 '18 at 5:09


















0















A security audit was conducted for the UI that was developed. In the audit, the following is mentioned



" The assessed application was discovered to be running non-current third-party JavaScript libraries with known XSS vulnerabilities.



It was possible to identify Angularjs version 1.5.0 on the web application, which is known to contain vulnerabilities. The version was identified from the following HTTP response: (Screenshot attached below) The references section provides more information on the specific attacks, however the version presented can provide a Cross Site Scripting or Content Security Policy bypass route."



![The following is the screen shot]1



When I checked in the application it comes int vendor..js. This is generated as part of grunt build. We don't have control to this file. Can someone help me how to resolve the issue



Regards



Viji






html angularjs gruntjs xss cross-site







share|improve this question

























  • use a different version or download it, host it locally and edit it there.

    – LW001
    Nov 22 '18 at 9:38











  • Sorry i could not understand. Different version of angular ?

    – vijaya lakshmi
    Nov 22 '18 at 9:49











  • Hi @LW001 Please can you explain. Sorry i have very less time to complete this.

    – vijaya lakshmi
    Nov 23 '18 at 1:00











  • If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.

    – Claies
    Nov 23 '18 at 3:01













  • Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.

    – vijaya lakshmi
    Nov 23 '18 at 5:09
















0












0








0








A security audit was conducted for the UI that was developed. In the audit, the following is mentioned



" The assessed application was discovered to be running non-current third-party JavaScript libraries with known XSS vulnerabilities.



It was possible to identify Angularjs version 1.5.0 on the web application, which is known to contain vulnerabilities. The version was identified from the following HTTP response: (Screenshot attached below) The references section provides more information on the specific attacks, however the version presented can provide a Cross Site Scripting or Content Security Policy bypass route."



![The following is the screen shot]1



When I checked in the application it comes int vendor..js. This is generated as part of grunt build. We don't have control to this file. Can someone help me how to resolve the issue



Regards



Viji






html angularjs gruntjs xss cross-site







share|improve this question
















A security audit was conducted for the UI that was developed. In the audit, the following is mentioned



" The assessed application was discovered to be running non-current third-party JavaScript libraries with known XSS vulnerabilities.



It was possible to identify Angularjs version 1.5.0 on the web application, which is known to contain vulnerabilities. The version was identified from the following HTTP response: (Screenshot attached below) The references section provides more information on the specific attacks, however the version presented can provide a Cross Site Scripting or Content Security Policy bypass route."



![The following is the screen shot]1



When I checked in the application it comes int vendor..js. This is generated as part of grunt build. We don't have control to this file. Can someone help me how to resolve the issue



Regards



Viji






html angularjs gruntjs xss cross-site




html angularjs gruntjs xss cross-site






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 23 '18 at 1:32







vijaya lakshmi

















asked Nov 22 '18 at 9:27









vijaya lakshmivijaya lakshmi

359




359













  • use a different version or download it, host it locally and edit it there.

    – LW001
    Nov 22 '18 at 9:38











  • Sorry i could not understand. Different version of angular ?

    – vijaya lakshmi
    Nov 22 '18 at 9:49











  • Hi @LW001 Please can you explain. Sorry i have very less time to complete this.

    – vijaya lakshmi
    Nov 23 '18 at 1:00











  • If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.

    – Claies
    Nov 23 '18 at 3:01













  • Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.

    – vijaya lakshmi
    Nov 23 '18 at 5:09





















  • use a different version or download it, host it locally and edit it there.

    – LW001
    Nov 22 '18 at 9:38











  • Sorry i could not understand. Different version of angular ?

    – vijaya lakshmi
    Nov 22 '18 at 9:49











  • Hi @LW001 Please can you explain. Sorry i have very less time to complete this.

    – vijaya lakshmi
    Nov 23 '18 at 1:00











  • If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.

    – Claies
    Nov 23 '18 at 3:01













  • Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.

    – vijaya lakshmi
    Nov 23 '18 at 5:09



















use a different version or download it, host it locally and edit it there.

– LW001
Nov 22 '18 at 9:38





use a different version or download it, host it locally and edit it there.

– LW001
Nov 22 '18 at 9:38













Sorry i could not understand. Different version of angular ?

– vijaya lakshmi
Nov 22 '18 at 9:49





Sorry i could not understand. Different version of angular ?

– vijaya lakshmi
Nov 22 '18 at 9:49













Hi @LW001 Please can you explain. Sorry i have very less time to complete this.

– vijaya lakshmi
Nov 23 '18 at 1:00





Hi @LW001 Please can you explain. Sorry i have very less time to complete this.

– vijaya lakshmi
Nov 23 '18 at 1:00













If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.

– Claies
Nov 23 '18 at 3:01







If you don't have access to the grunt build, then how would you be able to do anything about which version of angular grunt is including? It's not really clear what you are expecting here.... It seems like this isn't a problem that can be solved here, but something that should be solved by whoever developed your UI.

– Claies
Nov 23 '18 at 3:01















Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.

– vijaya lakshmi
Nov 23 '18 at 5:09







Hi @Claies Sorry may be i was not clear on what i meant as access. I have access to the grunt file. We are using bower.json for all the version dependencies and using grunt build to build the app.

– vijaya lakshmi
Nov 23 '18 at 5:09














1 Answer
1






active

oldest

votes


















0














The issue reported was different. The issue about the vulnerable versions.
Referred this link for my better understanding.



https://snyk.io/vuln/npm:angular



Regards
Viji






share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53427652%2fangular-version-dispalyed-in-vendor-js%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    The issue reported was different. The issue about the vulnerable versions.
    Referred this link for my better understanding.



    https://snyk.io/vuln/npm:angular



    Regards
    Viji






    share|improve this answer




























      0














      The issue reported was different. The issue about the vulnerable versions.
      Referred this link for my better understanding.



      https://snyk.io/vuln/npm:angular



      Regards
      Viji






      share|improve this answer


























        0












        0








        0







        The issue reported was different. The issue about the vulnerable versions.
        Referred this link for my better understanding.



        https://snyk.io/vuln/npm:angular



        Regards
        Viji






        share|improve this answer













        The issue reported was different. The issue about the vulnerable versions.
        Referred this link for my better understanding.



        https://snyk.io/vuln/npm:angular



        Regards
        Viji







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 26 '18 at 11:18









        vijaya lakshmivijaya lakshmi

        359




        359






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53427652%2fangular-version-dispalyed-in-vendor-js%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            To store a contact into the json file from server.js file using a class in NodeJS

            Image
            0 I have created three files -contactPresentation.js, contactService.js, contacts.json. I will run the contactService.js file. And it will navigate to contactPresentation.js file that will only choose an option to either add or display a file. If add(), then add the data into add of service file.And the data will be added to the contacts.json file . And if display(), then display the display() of service file. And the display will take the data from contacts.json file. However, i know my code is flawed. Please correct it . I am also getting an error - this.contacts.push(new ContactService(userName, contactNumber, emailId)); ^ TypeError: Cannot read property 'push' of undefined at ContactService.add (e:NodeJSProjectcontactManager2contactService.js:57:23) at new C
            Read more

            Redirect URL with Chrome Remote Debugging Android Devices

            Image
            1 How can i redirect an URL with Chrome Remote Debugging Android Devices? like Requestly Chrome extension on desktop. google-chrome debugging url redirect testing share | improve this question edited Nov 24 '18 at 8:16 sachinjain024 14.7k 23 73 129 asked Nov 23 '18 at 16:09 Momen Momen 91 10
            Read more

            Dieringhausen

            Image
            Dieringhausen Stadt Gummersbach 50.982777777778 7.5316666666667 165 Koordinaten: 50° 58′ 58″  N , 7° 31′ 54″  O Höhe: 165  (160–245)  m Einwohner: 5055  (30. Jun. 2016) Postleitzahl: 51645 Vorwahl: 02261 Lage von Dieringhausen in Gummersbach Im Hohl ca. 1927–1930 Ansicht von Südwesten bei Bünghausen Dieringhausen (im örtlichen Dialekt Dierkesen ) ist ein Ortsteil von Gummersbach im Oberbergischen Kreis, Regierungsbezirk Köln, Nordrhein-Westfalen (Deutschland). Inhaltsverzeichnis 1 Geographie 2 Geschichte 3 Kultur 3.1 Sehenswürdigkeiten 3.2 Regelmäßige Veranstaltungen 4 Infrastruktur und Wirtschaft 4.1 Verkehr 4.1.1 Schienen- und Busverkehr 4.1.2 Straßen 4.2 Öffentliche Einrichtungen 4.2.1 Schulen und Bildungseinrichtungen 4.2.2 Kirchliche Einrichtungen 5 Persönlichkeiten 5.1 In Dieringhausen geboren 5.2 In Dieringhausen gelebt 6 Einzelnachweise 7
            Read more