Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Score big with last-minute savings on the final tickets to FabCon Vienna. Secure your discount

ledl

Components with known vulnerabilities

Submitted by on ‎01-06-2020 05:51 AM

Hello, we are embedding powerbi dashboards and a security scan found out that you are using some third party libraries with known vulnerabilities.

E.g. jquery 2.2.4, used in reportembed.externals.bundle.min.js, has two medium and one low known security vulnerabilities.

Could you, please, upgrade them?

 

Thank you.

 

See the complete report:

https://app.powerbi.com/13.0.11747.192/scripts/reportembed.externals.bundle.min.js

angularjs 1.6.8

  low: XSS through SVG if enableSvg is set

jquery 2.2.4

  medium: 2432 3rd party CORS request may execute CVE-2015-9251

  medium: CVE-2015-9251 11974 parseHTML() executes scripts in event handlers

  low: CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

moment.js 2.10.6

  low: reDOS -regular expression denial of service

Status: New
See more ideas labeled with:
1 Comment (1 New)
Comments
v-qiuyu-msft
Community Support
Community Support
‎01-06-2020 10:41 PM

Hi @ledl

 

I would suggest you create a support ticket to get help. 

 

Support Ticket.gif

 

Best Regards,
Qiuyun Yu

Idea Statuses