jQuery vulnerabilities - Header Manipulation & Code Injection

Sushant_Kagi Posts: 2 Questions: 0 Answers: 0
edited January 2014 in General
Hi All,

Recently, while scanning the code with the Fortify code scanner, I came across two vulnerabilities reported by the scanner: Header Manipulation and Code Injection in jQuery-related files.

Following are my queries:
- Why are the values reported by the scanner not validated?
- What is the significance/use of those values?

For Code Injection:

aCookies =document.cookie.split(';');

for ( var i=0, iLen=aCookies.length ; i

Replies

  • allan Posts: 63,498 Questions: 1 Answers: 10,471 Site admin
    Both issues are resolved in DataTables 1.10 which is available as the development version on the downloads page.

    Allan
  • Sushant_Kagi Posts: 2 Questions: 0 Answers: 0
    Allan,

    Thanks for the details.

    Also, similar instances are reported on jquery.js, prototype.js, tiny_mce_dev.js.

    Could you help me with the patched versions for the same too?

    Thanks in advance.

    Sushant
  • allan Posts: 63,498 Questions: 1 Answers: 10,471 Site admin
    Those are third party libraries over which I have no control. I'd suggest contacting the authors of those libraries if their latest versions are also showing issues.

    Allan
This discussion has been closed.