QUICK HIT: Known Vulnerabilities in JavaScript Libraries

Data from researchers at Northeastern University (PDF) indicates how vulnerable client-side JavaScript libraries are.

"Web developers routinely rely on third-party JavaScript libraries such as jQuery to enhance the functionality of their sites. However, if not properly maintained, such dependencies can create attack vectors allowing a site to be compromised."

The researchers found that 37% of the 133,000 websites analyzed included at least one library with a known vulnerability. Potentially more problematic, the median site analyzed used a library version that is 1,177 days (over three years) older than the latest release.

For those websites using vulnerable JavaScript frameworks, let this serve as a wake-up call and the first step toward fixing what could ultimately prove to be a rather serious security problem.
