PEN test vulnerabilities for jquery used by AEM

fionas76543059
Level 2

19-02-2021

 

Hi folks,

 

Our PEN testers are saying there are 2 new Medium vulnerabilities in the 1.12.4 version of JQuery.

https://snyk.io/test/npm/jquery/1.12.4

  1. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
  2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

Does the service pack 6 or 7 contain a patched version of JQuery that includes fixes for all of the latest vulnerabilities?

BTW, are we allowed to change the version of jquery ourselves? I always thought we weren't allowed to change it but I have seen tutorials explaining how to do it.

https://aem4beginner.blogspot.com/overriding-jquery-version-in-cq

 

I'm a bit puzzled. Anybody know the answer?

 

thanks

Fiona

Accepted Solutions (1)


BrianKasingli
MVP

19-02-2021

@fionas76543059,

Definitely. While the AEM platform uses the cq.jquery client library for internal use, for your company's website you can totally define your own jquery library which contains the latest version of jquery. You can place the "VENDOR" client library under /apps/my-site/clientlibs/vendor/*. A standard practice in an AEM project is to place 3rd party JavaScript libraries in the vendor folder and export them from there as a client library.

Example:

BrianKasingli_0-1613747560534.png

 

 

Next, you can set your clientlib-site with the jquery.3.1.1 as a dependency

BrianKasingli_2-1613747481087.png
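
Added example, not part of the original thread or of AEM: a Node.js check that reads the version banner of each jQuery copy found in a clientlib tree and flags any below 3.5.0, the release that fixes both CVEs cited in the question. The file names under `/apps/my-site/clientlibs/vendor/` and the file contents are constructed sample data, and `auditClientlibs` is a hypothetical helper name.

```javascript
// Added example. Sample file contents are constructed, not taken from a real repository.
// CVE-2020-11022 and CVE-2020-11023 are both fixed in jQuery 3.5.0.
const FIXED = [3, 5, 0];

// Banner forms used by jQuery builds:
//   minified:   /*! jQuery v3.5.0 | (c) JS Foundation and other contributors | ... */
//   unminified:  * jQuery JavaScript Library v1.12.4
const BANNER = /jQuery (?:JavaScript Library )?v(\d+)\.(\d+)\.(\d+)/;

// Return [major, minor, patch] from a file's leading banner, or null if absent.
function jqueryVersion(source) {
  const m = BANNER.exec(source.slice(0, 512));
  return m ? m.slice(1, 4).map(Number) : null;
}

// Compare numerically, field by field; a string compare would rank "1.12.4" below "1.9.1".
function isBelow(version, floor) {
  for (let i = 0; i < 3; i++) {
    if (version[i] !== floor[i]) return version[i] < floor[i];
  }
  return false;
}

// files: { repositoryPath: fileContent }. Returns one finding per jQuery copy found.
function auditClientlibs(files) {
  const findings = [];
  for (const [path, source] of Object.entries(files)) {
    const v = jqueryVersion(source);
    if (!v) continue; // not a jQuery build, skip
    findings.push({ path, version: v.join("."), vulnerable: isBelow(v, FIXED) });
  }
  return findings;
}

// Constructed sample tree (hypothetical file names under the vendor folder).
const sample = {
  "/apps/my-site/clientlibs/vendor/legacy/jquery.js":
    "/*!\n * jQuery JavaScript Library v1.12.4\n * http://jquery.com/\n */\n",
  "/apps/my-site/clientlibs/vendor/jquery/jquery-3.1.1.min.js":
    "/*! jQuery v3.1.1 | (c) jQuery Foundation | jquery.org/license */\n",
  "/apps/my-site/clientlibs/vendor/jquery-new/jquery-3.5.0.min.js":
    "/*! jQuery v3.5.0 | (c) JS Foundation and other contributors | jquery.org/license */\n",
  "/apps/my-site/clientlibs/site/js/site.js": "/* site code */\n",
};

console.log(auditClientlibs(sample));
```

Run against a checked-out content package, this makes it easy to confirm that the vendored copy the site clientlib depends on is at or above the fixed release before retesting.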

 

Answers (0)