Vulnerable JS library

We are using Metronic themes in our application. We just ran a test with the OWASP tool and it identified "Vulnerable JS library" because some of the scripts are outdated.

Can we get the themes with updated scripts?


Replies (8)

Hi Suresh,

Thank you for your feedback.

Could you please specify the following?

1) Which product and which product version are you using?
2) Are there any steps on how we can reproduce this error?
3) If an error is related to some specific library/dependency, let us know so we can review it.

Regards,
Lauris Stepanovs,
Keenthemes Support Team

Dear Lauris,

Thanks for your prompt reply on this. Please find my comments.

1) Which product and which product version are you using?
We downloaded metronic_v8.0.38_html_demo1.zip (free version) /js/plugins.bundle.js and in this file we found 'jQuery JavaScript Library v3.6.0'.

2) Are there any steps on how we can reproduce this error?
You can use 'OWASP ZAP 2.12.0' tool. You can scan your website.

3) If an error is related to some specific library/dependency, let us know so we can review it.
The identified library moment.js, version 2.29.1 is vulnerable.

Hi Suresh,

We checked our theme with OWASP ZAP but still didn't manage to get the same error. It seems that at the moment we do not use the latest version of the moment dependency, so updating it to the latest version might fix this error.

Try to change the version of moment dependency to ^2.29.4 in your package.json.

"moment": "^2.29.4",

Regards,
Lauris Stepanovs,
Keenthemes Support Team
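
A check for the situation in this thread, as an added example that is not Keenthemes' or OWASP ZAP's code: it scans a bundle for the jQuery and moment.js banner comments and flags versions below a required minimum. The function names, the sample bundle and the assumption that banner comments survive bundling belong to this example; the 2.29.4 floor for moment is the one given in the reply above.

```javascript
// Added example: find library version banners in a concatenated bundle and
// flag any that fall below a required minimum version.
const BANNERS = [
  // jQuery header comment: " * jQuery JavaScript Library v3.6.0"
  { name: 'jquery', re: /jQuery JavaScript Library v(\d+\.\d+\.\d+)/g },
  // moment header comment: "//! moment.js" followed by "//! version : 2.29.1"
  { name: 'moment', re: /\/\/! moment\.js\s*\n\s*\/\/! version : (\d+\.\d+\.\d+)/g },
];

// Compare two x.y.z strings numerically; returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Returns one finding per banner found. `minimums` maps library name to the
// lowest acceptable version; libraries without an entry are only reported.
function auditBundle(source, minimums) {
  const findings = [];
  for (const { name, re } of BANNERS) {
    for (const m of source.matchAll(re)) {
      const min = minimums[name];
      findings.push({
        name,
        version: m[1],
        // 1-based line of the banner, to locate it in a large bundle.
        line: source.slice(0, m.index).split('\n').length,
        outdated: min !== undefined && compareVersions(m[1], min) < 0,
      });
    }
  }
  return findings;
}

// Constructed sample standing in for plugins.bundle.js (not the real file).
const SAMPLE_BUNDLE =
  '/*!\n * jQuery JavaScript Library v3.6.0\n */\n(function(){})();\n' +
  '//! moment.js\n//! version : 2.29.1\n(function(){})();\n';

// Minimum taken from the reply above; no floor is set for jQuery here.
const MINIMUMS = { moment: '2.29.4' };

console.log(auditBundle(SAMPLE_BUNDLE, MINIMUMS));
```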

Dear Lauris,

Thanks for your advice to change the version.

After I updated the version to 2.29.4 in plugins.bundle.js the error is gone.

Thanks a lot for your help.

Dear Lauris,

I just tried the sign-in form. We are getting another issue with smoothScroll and formvalidation.

Uncaught SyntaxError: "" string literal contains an unescaped line break plugins.bundle.js:64:12968
Uncaught ReferenceError: SmoothScroll is not defined
initSmoothScroll https://localhost:7187/js/scripts.bundle.js:2867
init https://localhost:7187/js/scripts.bundle.js:2722
https://localhost:7187/js/scripts.bundle.js:2916
onDOMContentLoaded https://localhost:7187/js/scripts.bundle.js:2608
https://localhost:7187/js/scripts.bundle.js:2915
scripts.bundle.js:2867:13
Uncaught ReferenceError: FormValidation is not defined
init https://localhost:7187/js/general.js:10
https://localhost:7187/js/general.js:68
onDOMContentLoaded https://localhost:7187/js/scripts.bundle.js:2608
https://localhost:7187/js/general.js:67

Hi Suresh,

You should have a global SmoothScroll instance in the file _keenthemes/tools/webpack/plugins/plugins.js

window.SmoothScroll = require('smooth-scroll/dist/smooth-scroll.js');

Have you modified anything else in our codebase?

Regards,
Lauris Stepanovs,
Keenthemes Support Team

Dear Lauris,

No, I did not modify anything. I just updated the version only for moment.js and ran the application, and the error appeared in the browser console.

And I don't have tools/webpack/plugins/plugins.js. We have only assets/plugins/global/plugins.bundle.js.

I cannot find window.SmoothScroll in any of our script files.

Could you please advise on this error?

Hi Suresh,

Do you use your own Asp.Net-Core project setup or our Asp.Net-Core Starterkit?

On a sign-in page in our Starterkit, we do not have this issue. I would suggest you first try to update to the latest Metronic version.

Regards,
Lauris Stepanovs,
Keenthemes Support Team
