Need fix, [call to on() in datatables.js on lines 14868, 15181 sets a callback to a race condition]
ppraj
datatables.js:14868 FunctionPointerCall: on()
14866 var nread = 0;
14867
14868 engine.on('error', onError);
14869 engine.on('end', onEnd);
datatables.js:15181 FunctionPointerCall: on()
15180 var error;
15181 this.on('error', function (er) {
15182 error = er;
15183 });
Answers
Can you link to a test case showing the issue please? datatables.js is a combined file that has many possible options.
Allan
Actually, this vulnerability was raised in the application security audit scan report, so we do not have any specific test cases related to this. Is there any possible fix for this?
PP
Not really because I still don’t know the contents of that file. As I say, there are many many ways that file can be configured. I’d need a copy of the file you are working with please.
I don’t actually think we use the variable engine in our code, at least I can’t think where it would be, so it might be in one of the third party scripts that can be included in the code.
Allan
After downloading the package from https://datatables.net/download/index with styling framework -> 'DataTables', packages -> jQuery 3, DataTables, Extensions -> Buttons-HTML5-jszip, pdfmake, using the download method 'Download' tab. In the downloaded zip,
download.js has the vulnerability statement engine.on('error', onError);
pdfmake-0.1.36 -> pdfmake.js also has the vulnerability statement engine.on('error', onError);
PP
Thank you. Yes as you note, that is in the pdfmake software which is third party.
I’ll get the version updated in our download builder, but until then, don’t select it in the download builder, just include your own local up to date version or use from CDNJS or similar.
Allan
OK. Thank you for your timely response and support.