Should we report old versions of JavaScript libraries? How frequently are they exploitable?

Open kazet opened this issue 1 year ago • 3 comments

kazet avatar Feb 20 '24 12:02 kazet

Ideally we should. We do so. There are a lot of malicious (and a few vulnerable) packages out there. You can have a look at this. There are a few utilities as well that might be easy to integrate.

RasenRhino avatar Mar 21 '24 20:03 RasenRhino

Yes, it's crucial to prioritize security patches and stay vigilant against emerging threats in the JavaScript ecosystem. I think while reporting old versions of JavaScript libraries is important for maintaining security and performance, the exploitability of these outdated versions can vary based on factors such as library popularity, severity of vulnerabilities, and timely application of updates by developers.

christinathucanh avatar Mar 24 '24 05:03 christinathucanh

You can refer to https://nvd.nist.gov/, where we can access detailed vulnerability descriptions, affected versions, and potential impact assessments for JavaScript libraries. This data source can help prioritize updates, assess risk levels, and stay informed about emerging threats in the JavaScript ecosystem.

christinathucanh avatar Mar 24 '24 05:03 christinathucanh