We’re using jQuery and I’ve come across the following jQuery vulnerability in the National Vulnerability Database:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2379
Has this been fixed in more recent versions of jQuery? The original release date on the vulnerability is 4/30/2007.
I’m trying to ensure that the little jQuery we do use doesn’t expose this vulnerability. Does anyone have examples of it?
Have a look at jQuery.getJSON():
Read about JSONP here.
As long as you’re using JSONP, this vulnerability doesn’t exist.
Also, this ‘vulnerability’ is stupid. Anyone can exchange data using JSON; it’s not just jQuery that uses it.