jQuery Includes Front-End JavaScript Libraries with Known Security Vulnerabilities

Of concern is that the Lighthouse audit for the Marcus Lemonis website flags 4 vulnerabilities related to jQuery. The site loads two jQuery libraries (jQuery core and the separate jQuery UI library), both out of date:

jQuery@1.11.0 with 1 Medium risk vulnerability.
jQuery UI@1.9.2 with 3 High risk vulnerabilities.

Google’s advice is:

“Stop using each of the libraries that Lighthouse flags. If the library has released a newer version that fixes the vulnerability, upgrade to that version, or consider using a different library.”

The underlying problem is that jQuery, like any widely used front-end library, accumulates vulnerabilities: every old release has known ones, and going by that track record the current release almost certainly has ones that haven't been found yet. Using jQuery securely therefore means keeping on top of the advisories: when a vulnerability is reported and fixed, the web developer has to upgrade as soon as possible. This is easier said than done for WordPress users. WordPress core bundles an old version of jQuery for backwards compatibility (without it old plugins and themes would fail), and replacing that bundled copy site-wide risks breaking the admin screens and other plugins that expect it. To get around this a theme or plugin developer would have to ship a current jQuery release with their plugin or theme and keep it up to date, or the site owner would have to update jQuery manually every time there's a release. It's one of the reasons why I don't use any features which rely on jQuery.
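The check Lighthouse performs is essentially "compare each detected library version against the version that fixed its known issues". The following is an added example of that check, written for this page; it is not Lighthouse's code and not anything from the site under review. The minimum versions in MIN_SAFE are an assumed policy, not data from the audit (fill them from your own advisory feed), and the sample versions are constructed to match the two libraries reported above. It also handles a suffixed version string such as "1.12.4-wp", which a vendor-patched copy can report and which a naive numeric compare would mishandle.

```javascript
// Added example (not from the original post or from Lighthouse): flag front-end
// libraries whose reported version is below a "fixed in" threshold.

// ASSUMED policy: the lowest release you accept for each library. These values
// are placeholders to be filled from your advisory database, not page data.
const MIN_SAFE = {
  'jquery': '3.5.0',
  'jquery-ui': '1.13.0',
};

// Compare dotted version strings numerically so "1.11.0" sorts above "1.9.2".
// parseInt keeps the leading digits of a suffixed component ("4-wp" -> 4);
// anything non-numeric is treated as 0.
function compareVersions(a, b) {
  const pa = String(a).split('.').map((s) => parseInt(s, 10) || 0);
  const pb = String(b).split('.').map((s) => parseInt(s, 10) || 0);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Read the versions the page itself exposes. jQuery publishes its version as
// jQuery.fn.jquery and jQuery UI as jQuery.ui.version. Pass a window-like
// object for testing; in a browser console the default picks up the real one.
function collectFromWindow(w = typeof window !== 'undefined' ? window : undefined) {
  const found = {};
  if (w && w.jQuery) {
    if (w.jQuery.fn && w.jQuery.fn.jquery) found['jquery'] = w.jQuery.fn.jquery;
    if (w.jQuery.ui && w.jQuery.ui.version) found['jquery-ui'] = w.jQuery.ui.version;
  }
  return found;
}

// Return one finding per library whose version is below the policy threshold.
// Libraries the policy does not mention are skipped rather than guessed at.
function auditLibraries(found, policy = MIN_SAFE) {
  const findings = [];
  for (const [library, version] of Object.entries(found)) {
    const fixedIn = policy[library];
    if (fixedIn === undefined) continue;
    if (compareVersions(version, fixedIn) < 0) {
      findings.push({ library, version, fixedIn });
    }
  }
  return findings;
}

// Constructed sample matching the two versions reported in the audit above.
const SAMPLE_PAGE = {
  jQuery: { fn: { jquery: '1.11.0' }, ui: { version: '1.9.2' } },
};

// Stand-alone run: print the findings for the constructed sample.
for (const f of auditLibraries(collectFromWindow(SAMPLE_PAGE))) {
  console.log(`${f.library}@${f.version} is below ${f.fixedIn}`);
}
```

In a browser, paste the block into the console of the page you are reviewing and call `auditLibraries(collectFromWindow())`; this only sees copies of jQuery that are reachable from `window.jQuery`, so a second copy loaded under `jQuery.noConflict()` needs to be checked by script URL instead.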

Quite a number of webmasters miss these jQuery vulnerabilities. I did a similar website review on the Yoast domain a few months back and it had similar jQuery vulnerabilities listed.

I emailed Yoast to let them know and it's since been fixed. I will attempt to contact the Marcus Lemonis webmaster to let them know there's a possible cyber security issue.
