An insecure mess: How flawed JavaScript is turning web into a hacker’s playground


This chart shows the fraction of JavaScript library versions with distinct known vulnerabilities, each represented by colors, out of the total library versions in brackets.

Image: Northeastern University

An analysis of over 133,000 websites has found that 37 percent of them have at least one JavaScript library with a known vulnerability.

Researchers from Northeastern University have followed up on research in 2014 that drew attention to potential security risks caused by loading outdated versions of JavaScript libraries, such as such as jQuery, and the AngularJS framework in the browser.

As the Northeastern researchers highlight in a new paper, vulnerable libraries can be dangerous under the right conditions, pointing to an old cross-site scripting bug in jQuery, which will allow an attacker to inject malicious scripts into a vulnerable site….


Published on ZdnetRead full Article

Articoli Raccomandati

Contatto Rapido



©2018 - Privacy - Terms - Cookies - About

Log in with your credentials


Forgot your details?

Create Account