Base solution for your next web application
Ends in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

Vulnerability Scan Results March 2022 #10978


User avatar
0
kfrancis created
  • What is your product version? v11.1
  • What is your product type (Angular or MVC)? MVC
  • What is product framework type (.net framework or .net core)? net6.0

We're in the very end of a process that has required us to get a Privacy Impact Assessment, Threat Risk Assessment, Penetration Test and Vulnerability Scans and there are some items that we can't resolve because they are internal to this project.

1. Page.js contains an insecure version of jquery:

"/saas/js/page.min.js contains jquery 3.4.1 which has known vulnerabilities."

The main site uses 3.6.0 (latest), can page.js use that already correct version?

2. User session timeout does not work propertly:

"The application does not terminate users’ sessions after session timeout; users’ sessions can be resumed without login to the (oauth provider) again."

This might just be configuration, but we're not certain where.


3 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @kfrancis

    For item 1, you can just upgrade jquery verison. We have already upgraded it in hte latest verison. For item 2, we will check it out and inform you.

  • User Avatar
    0
    kfrancis created

    So, page.js is bundled but from what? I'm not sure I have anything but the pre-bundled file here.

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    By default, AspNet Zero doesn't contain any page.js file (/saas/js/page.min.js or /saas/js/page.js). I thought it is a file you or one of your teammate created. Could you check bundles.json and see if it contains an entry for page.js or page.min.js ?