Author Topic: Vulnerable Script... vulnerable dependencies..


polonus
Vulnerable Script... vulnerable dependencies..
« on: May 25, 2019, 08:06:31 PM »
Detected: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=c11eYnVea3t0ZnwwYjY2NjQzODgyZmIwfDMwNS5zMy58bXx6XW58d3MuXl1t~enc
and on -https://aws.amazon.com/s3/
Retire.js
handlebars.js   4.0.5   Found in -https://a0.awsstatic.com/libra/1.0.279/libra-bundle.js
Vulnerability info:
High   A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template   
Read: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183
& https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e
jquery   3.2.1   Found in -https://a0.awsstatic.com/libra/1.0.279/libra-head.js
Vulnerability info:
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

Re: Results from scanning URL: -https://a0.awsstatic.com/libra/1.0.279/libra-bundle.js
Number of sources found: 239
Number of sinks found: 96

linked in some sense to -http://35stupenek.ru/wp-content/themes/Direct/ , a known infection source / site not recommended by Dr.Web.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
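The Object.prototype pollution pattern behind the jQuery.extend(true, {}, ...) finding above, shown as an added example that is not from the post or from jQuery/handlebars: a deep merge hardened against it, plus a helper that flags the unsafe keys in untrusted JSON before it is merged. Function names and the sample payload are my own constructions.

```javascript
// Keys that let a deep merge walk from a plain object into Object.prototype.
const UNSAFE_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isPlainObject(v) {
  if (v === null || typeof v !== "object") return false;
  const proto = Object.getPrototypeOf(v);
  return proto === Object.prototype || proto === null;
}

// Recursively copy own enumerable properties of `source` into `target`,
// refusing the keys that would reach Object.prototype and only recursing
// into plain objects (never into inherited properties of the source).
function safeDeepMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) continue; // the key a polluting payload relies on
    const value = source[key];
    if (isPlainObject(value)) {
      const hasOwn = Object.prototype.hasOwnProperty.call(target, key);
      const existing = hasOwn && isPlainObject(target[key]) ? target[key] : {};
      target[key] = safeDeepMerge(existing, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Detection helper: list every dotted path in parsed JSON that names an
// unsafe key, so untrusted input can be logged or rejected before merging.
function findUnsafeKeys(obj, path = "", found = []) {
  if (!isPlainObject(obj) && !Array.isArray(obj)) return found;
  for (const key of Object.keys(obj)) {
    const p = path ? `${path}.${key}` : key;
    if (UNSAFE_KEYS.has(key)) found.push(p);
    findUnsafeKeys(obj[key], p, found);
  }
  return found;
}

// Constructed sample: what a polluting request body looks like after
// JSON.parse (which stores "__proto__" as an ordinary own property).
const SAMPLE_PAYLOAD = JSON.parse(
  '{"name":"x","__proto__":{"polluted":"yes"},' +
  '"nested":{"constructor":{"prototype":{"p2":1}},"ok":true}}'
);
```

Running safeDeepMerge({}, SAMPLE_PAYLOAD) yields only the name and nested.ok fields, and a fresh {} afterwards still has no "polluted" property.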