medium
Technology
Vulnerable JavaScript Library
The site uses an outdated JavaScript library (jQuery, Lodash, Bootstrap, Angular) with known vulnerabilities.
Severity
medium
Time to Fix
1-2 hours
Difficulty
medium
OWASP
A06:2021 — Vulnerable and Outdated Components
What is Vulnerable JavaScript Library?
JavaScript libraries often have known vulnerabilities (prototype pollution, XSS, ReDoS) that are fixed in newer versions. Using an outdated version exposes your site to attacks even if your own code is secure. Common culprits: jQuery < 3.5.0 (XSS), Lodash < 4.17.21 (prototype pollution), Bootstrap < 4.3.1 (XSS).
Why It Matters to Your Business
Vulnerable JS libraries can enable XSS, prototype pollution, and ReDoS attacks. An attacker who exploits a JS library vulnerability can steal user sessions, deface the site, or pivot to attack your backend APIs.
How to Fix It
Update all JavaScript libraries to the latest stable version:
For npm-managed projects:
npm audit
npm audit fix
npm update
For CDN-hosted libraries, update the version in your HTML:
OLD: <script src="https://code.jquery.com/jquery-3.4.1.min.js"></script>
NEW: <script src="https://code.jquery.com/jquery-3.7.1.min.js"></script>
Use SRI (Subresource Integrity) to prevent CDN tampering:
<script src="https://code.jquery.com/jquery-3.7.1.min.js"
integrity="sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo="
crossorigin="anonymous"></script>
Regularly run: npm audit; snyk test; retire.js
Technical Classification
| OWASP Category | A06:2021 — Vulnerable and Outdated Components |
| CWE ID | CWE-1104: Use of Unmaintained Third Party Components |
| Detected By | js_libraries scanner(s) |
| Severity Level | medium |
How 2MNY Security Can Help
Check if your website has this vulnerability
Our js_libraries scanner checks for this issue automatically.
Scan My Website Free