Prototype Pollution vulnerability in jquery.dataTables versions.min.js | WordPress.org

Resolved Dewey Bushaw
(@styledev)

1 year, 6 months ago

This plugin is using an outdated version of jquery.dataTables.min.js (v1.10.10) which is vulnerable to Prototype Pollution up to version 1.10.22 (latest version is 2.0.3). Please consider patching this asap.

Viewing 4 replies - 1 through 4 (of 4 total)

abhishek99rana
(@abhishek99rana)

1 year, 6 months ago

Hi @styledev,

Thank you for pointing out the vulnerability.

We will update the jquery.dataTables.min.js version and push the changes in the upcoming release.

We will inform you once the plugin with the updated jquery.dataTables.min.js is released.

Let me know if you have any other questions or concerns.

Regards,
miniOrange Team

Thread Starter Dewey Bushaw
(@styledev)

1 year, 6 months ago

Awesome, thank you.

abhishek99rana
(@abhishek99rana)

1 year, 6 months ago

Hi @styledev,

I hope you are doing well.

The jquery.dataTables.min.js has been updated to the latest version, i.e., v2.0.6 and the vulnerability has been fixed.

The miniOrange 2FA plugin with the fixed vulnerability has been pushed on WordPress and is available to download.

Let me know if you have any other concerns.

Regards,
miniOrange Team

abhishek99rana
(@abhishek99rana)

1 year, 6 months ago

Hi @styledev,

We are closing this ticket as of now.
You can reopen this ticket whenever you need assistance with miniOrange 2FA plugin.

Regards,
miniOrange team

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Prototype Pollution vulnerability in jquery.dataTables versions.min.js’ is closed to new replies.

Tags

2fa

6 replies
2 participants
Last reply from: abhishek99rana
Last activity: 1 year, 6 months ago
Status: resolved