Grav & security vulnerability in jquery?

Hello there!

I am evaluating whether Grav suits my use case. Some things I like, one thing leaves me scratching my head.

When I run the audit¹ on getgrav.org or on a starter kit, it returns 2 security vulnerabilities related to jQuery 2.2.4:

Cross-site Scripting (XSS) <1.12.2,>=1.12.3 <2.2.2,>=2.2.3 <3.0.0 Not available 27 Nov, 2016

[ Prototype Pollution ](can only put one link as new user, replace last part with vuln/SNYK-JS-JQUERY-174006) <3.4.0 Not available 27 Mar, 2019

Is Chromium right? Is this something I can resolve, or something already being addressed? Is it a "will not fix", "needs no fix", …?

I'm feeling concerned, please elaborate :)

1: Chromium -> Web Inspector (Ctrl+Alt+I) -> Audit

I can’t speak about the vulnerability specifically, but it’s part of the theme you are using rather than Grav itself. It will be very simple to switch versions of jQuery or use another theme.

However, please consider reporting this to the maintainer of the theme you are using.
