Vulnerability: Outdated 3rd party libraries in DevTest Portal


Article ID: 217530


Updated On:

Products

Service Virtualization

Issue/Introduction

 
 

We have recently purchased/installed DevTest 10.6 and our security team has shared the below findings:

The following 3rd party libraries (AngularJS, jQuery, jQuery UI Autocomplete, Dialog, Tooltip) are outdated. The current versions of these libraries contain vulnerabilities and need to be updated.

| Library | Version | Reference ID |
| --- | --- | --- |
| jQuery | 2.1.1 | CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023 |
| jQuery UI Tooltip, Dialog, Autocomplete | 1.10.4 | CVE-2016-7103 |
| AngularJS | 1.4.3 | CVE-2019-10768, CVE-2019-14863, CVE-2020-7676 |

QUESTION: How can we upgrade these libraries? What are the latest versions supported with DevTest 10.6?

Environment

Release: 10.6

Component: SERVICE VIRTUALIZATION DOC

Cause

The current releases of the third-party software used by DevTest 10.6 are listed in the Release Notes at:
https://techdocs.broadcom.com/us/en/ca-enterprise-software/devops/devtest-solutions/10-6/release-notes/third-party-acknowledgments.html

Resolution

Because this vulnerability is rated Medium risk, these libraries will not be updated in the upcoming DevTest 10.7 release.

Product Management has decided to place this item in its backlog and defer it, and will consider it for the next release after DevTest 10.7.