Vulnerable JS library
We are using metronic themes in our application. We just run a test with OWASP tool and it identified " Vulnerable JS library " because of some of the scripts are outdated.
Can we get the themes with updated script ?
Replies (8)
Hi Suresh,
Thank you for your feedback.
Could you please specify the followings?
1) Which product and which product version you are using?
2) Are there any steps on how we can reproduce this error?
3) If an error is related to some specific library/dependency, let us know so we can review it.
Regards,
Lauris Stepanovs,
Keenthemes Support Team
Dear Lauris,
Thanks for your prompt reply on this. Please find my comments.
1) Which product and which product version you are using?
We downloaded metronic_v8.0.38_html_demo1.zip (free version) /js/plugins.bundle.js and in this file we found 'jQuery JavaScript Library v3.6.0'.
2) Are there any steps on how we can reproduce this error?
You can use 'OWASP ZAP 2.12.0' tool. You can scan your website.
3) If an error is related to some specific library/dependency, let us know so we can review it.
The identified library moment.js, version 2.29.1 is vulnerable.
Hi Suresh,
We checked our theme with OWASP ZAP but still didn't manage to get the same error, it seems that at the moment we do not use the latest version of moment dependency so probably updating this to the latest version might fix this error.
Try to change the version of moment dependency to ^2.29.4 in your package.json.
"moment": "^2.29.4",Regards,
Lauris Stepanovs,
Keenthemes Support Team
Dear Lauris,
Thanks for your advice to change the version.
After I updated the the version to 2.29.4 in plugins.bundle.js the error is gone.
Thanks a lot for your help.
Dear Lauris,
I just tried sign-in form, We are getting another issue with smoothScroll and formvalidation.
Uncaught SyntaxError: "" string literal contains an unescaped line break plugins.bundle.js:64:12968
Uncaught ReferenceError: SmoothScroll is not defined
initSmoothScroll https://localhost:7187/js/scripts.bundle.js:2867
init https://localhost:7187/js/scripts.bundle.js:2722
<anonymous> https://localhost:7187/js/scripts.bundle.js:2916
onDOMContentLoaded https://localhost:7187/js/scripts.bundle.js:2608
<anonymous> https://localhost:7187/js/scripts.bundle.js:2915
scripts.bundle.js:2867:13
Uncaught ReferenceError: FormValidation is not defined
init https://localhost:7187/js/general.js:10
<anonymous> https://localhost:7187/js/general.js:68
onDOMContentLoaded https://localhost:7187/js/scripts.bundle.js:2608
<anonymous> https://localhost:7187/js/general.js:67
Hi Suresh,
You should have a global SmoothScroll instance in the file _keenthemes/tools/webpack/plugins/plugins.js
window.SmoothScroll = require("smooth-scroll/dist/smooth-scroll.js");Have you modified anything else in our codebase?
Regards,
Lauris Stepanovs,
Keenthemes Support Team
Dear Lauris,
No, I did not modify anything. I just updated the version only for moment.js and run the application and the error in browser console.
And I dont have tools/webpack/plugins/plugins.js. We have only assets/plugins/global/plugins.bundle.js.
I cannot find window.SmoothScroll in any of our script files.
Could you please advice for this error ?
Hi Suresh,
Do you use your own Aps.Net-Core project setup or our Asp.Net-Core Starterkit?
On a sign-in page in our Starterkit, we do not have this issue I would suggest you first try to update to the latest Metronic version.
Regards,
Lauris Stepanovs,
Keenthemes Support Team
