Vulnerability on JQuery Okta Sign-In Widget

Select Language

0D54z00007pMcJeCAKOkta Classic EngineOkta Integration NetworkAnswered2024-01-19T11:02:07.000Z2022-07-24T03:52:21.000Z2022-07-25T15:56:39.000Z

LarryD.25867 (Customer) asked a question.

July 24, 2022 at 3:52 AM

Vulnerability on JQuery Okta Sign-In Widget

We observed a vulnerable JavaScript library.

JQuery version 1.12.4, which has the following vulnerabilities:

• CVE-2015-9251: 3rd party CORS request may execute

• CVE-2015-9251: parseHTML() executes scripts in event handlers

• CVE-2019-11358: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

• CVE-2020-11022: Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

• CVE-2020-11023: Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

flaviu.vrinceanu1.5628408972654734E12 (Customer Success Service Delivery)
4 years ago
Hi @LarryD.25867 (Customer),

Thank you for posting on the Okta community page!

I have done some research and I have managed to find the bellow documentation that contains information about the 1.12.4 JQuery version:
https://support.okta.com/help/s/article/Is-Okta-using-jquery-1-12-4-in-the-signin-widget?language=en_US

I hope the above information is useful!
Expand Post

This question is closed.

Your Privacy

Your Privacy

Strictly Necessary Cookies

Strictly Necessary Cookies

Functional Cookies

Functional Cookies

Performance Cookies

Performance Cookies

Share or Sell of Personal Data

Share or Sell of Personal Data

Advertising Cookies

Your Privacy

Your Privacy

Strictly Necessary Cookies

Strictly Necessary Cookies

Functional Cookies

Functional Cookies

Performance Cookies

Performance Cookies

Share or Sell of Personal Data

Share or Sell of Personal Data

Advertising Cookies