jQuery pre 1.12.0 CVE-2016-7103 Vulnerability

I got penetration test result, which advised to upgrade jQuery to v3.

Even on Outsystems 11 there's no choice to use jQuery v3.


Here's link to the vulnerability:

https://www.cvedetails.com/cve/CVE-2016-7103/

Solution

Contact the Support to validate your issue.

Still Outsystems has fixed some vulnerabilities in that Version

https://success.outsystems.com/Support/Enterprise_Customers/Troubleshooting/FALSE_POSITIVE_-_jquery_1.8.3_flagged_as_a_vulnerable_library


Validate the Factory Configuration tool for additional security tweaks


Also validate this document - https://www.outsystems.com/blog/posts/owasp-10-web-application-security-flaws/



Solution

Hi ,


We got the same issue with PEN testing.

If I can show the valid reason from Out systems then I can submit the details to PEN testing.

Any updates on this from OS? 

Thank you in advance.