JavaScript Framework Security Report: jQuery downloaded more than 120 million times

Although the JavaScript library jQuery is still in use, it is no longer as popular as it used to be. According to Snyk, an open source security platform, at least six out of ten websites are currently affected by jQuery XSS vulnerabilities, and the libraries used to extend jQuery's functionality introduce further security issues. Snyk's 2019 report on the state of JavaScript framework security focuses on security reviews of two leading JavaScript frameworks (Angular and React), but also investigates security vulnerabilities in three other front-end JavaScript ecosystem projects: Vue.js, Bootstrap and jQuery.

The Snyk report concludes that if you use a version of jQuery below 3.4.0, you are vulnerable to attack.

According to W3Techs, 84% of sites using jQuery are on v1.x, which has four medium-level XSS vulnerabilities. The problem is exacerbated by the use of jQuery extension libraries, of which 13 have been identified.

The Snyk report notes that jquery.js is a malicious package that has been downloaded 5444 times in the past 12 months, and that it is as severe as the malicious versions of two other open source community modules (jquery-airload, with 322 downloads, and github-jquery-widget, with 232 downloads).

The report also lists three other extension libraries: jquery-mobile, jquery-upload-upload, and jquery-colorbox. Although they contain arbitrary code execution and cross-site scripting vulnerabilities and have no upgrade path to fix them, they were downloaded more than 340,000 times in the past 12 months.
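One way to check a project against the findings above is to walk its npm lockfile. The following is an added example, not code from Snyk or from this article: the package names and the 3.4.0 threshold are taken from the text, while the function names, the finding labels and the sample lockfile are assumptions made for illustration.

```javascript
// Package names and the 3.4.0 threshold come from the article; all else is hypothetical.
const MALICIOUS = new Set(['jquery.js', 'jquery-airload', 'github-jquery-widget']);
const NO_FIX = new Set(['jquery-mobile', 'jquery-upload-upload', 'jquery-colorbox']);
const JQUERY_MIN = [3, 4, 0];

// "1.12.4" or "3.4.0-rc.1" -> [major, minor, patch] (pre-release tag ignored); null if unparseable.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v || ''));
  return m ? m.slice(1, 4).map(Number) : null;
}
// True when version triple v sorts strictly below min.
const isBelow = (v, min) => {
  const i = v.findIndex((n, k) => n !== min[k]);
  return i >= 0 && v[i] < min[i];
};

// Yield [name, version] from both lockfile layouts: the flat "packages" map
// (lockfileVersion 2/3) and the nested "dependencies" tree (lockfileVersion 1).
function* entries(lock) {
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf('node_modules/');
    if (i >= 0) yield [path.slice(i + 13), meta.version]; // skips root and workspace paths
  }
  const stack = [lock.dependencies || {}];
  while (stack.length) {
    for (const [name, meta] of Object.entries(stack.pop())) {
      yield [name, meta.version];
      if (meta.dependencies) stack.push(meta.dependencies); // transitive copies count too
    }
  }
}

function auditLock(lock) {
  const findings = [], seen = new Set();
  for (const [name, version] of entries(lock)) {
    if (seen.has(`${name}@${version}`)) continue; // v2 lockfiles list each package twice
    seen.add(`${name}@${version}`);
    const v = parseVersion(version);
    if (MALICIOUS.has(name)) findings.push({ name, version, issue: 'malicious-package' });
    else if (NO_FIX.has(name)) findings.push({ name, version, issue: 'vulnerable-no-upgrade-path' });
    else if (name === 'jquery' && v && isBelow(v, JQUERY_MIN))
      findings.push({ name, version, issue: v[0] === 1 ? 'jquery-1.x-xss' : 'jquery-below-3.4.0' });
  }
  return findings;
}

// Constructed sample lockfile (versions are illustrative, not from the report).
const SAMPLE_LOCK = { lockfileVersion: 2, packages: {
  '': { name: 'demo', version: '1.0.0' },
  'node_modules/jquery': { version: '1.12.4' },
  'node_modules/jquery-colorbox': { version: '1.6.4' },
  'node_modules/app/node_modules/jquery': { version: '3.4.1' } } };
```

In a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `auditLock`; nested copies pulled in by other dependencies are reported as well as direct ones.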

In recent years it has been suggested that jQuery is no longer popular, yet according to reports its download numbers remain high for the following reasons:

There are still a large number of tutorials for it, and existing websites and software use it.

jQuery-related plug-ins are plentiful, and many of the new JS frameworks also support jQuery.

A large number of programmers have used jQuery, are familiar with its syntax and functionality, and will continue to use it.

Ref: i-programmer
