Thanks for your response. Initially I got the following error:
{
"result": "warning",
"message": "3rd party CORS request may execute\nparseHTML() executes scripts in event handlers\njQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution\nRegex in its jQuery.htmlPrefilter sometimes may introduce XSS\nRegex in its jQuery.htmlPrefilter sometimes may introduce XSS\nreDOS - regular expression denial of service\n",
"message_filename": "/opt/app7hugi7qy/TA-druva/appserver/static/js/build/common.js",
"message_line": null
}
This is related to upgrading the jQuery version to 3.5.0. Since I had minified JavaScript (path - appserver/static/js/build/common.js), I couldn't find the jQuery version import anywhere, but I found "contrib/jquery-2.1.0" in this file and replaced it with "contrib/jquery-3.5.0". After running AppInspect on the updated app, I am getting the following warning:
{
"description": "Checks related to JavaScript usage.",
"name": "check_javascript_usage",
"checks": [
{
"description": "Detect usage of JavaScript libraries with known vulnerabilities.",
"name": "check_for_vulnerable_javascript_library_usage",
"tags": [
"cloud",
"future",
"jquery",
"security"
],
"result": "warning",
"messages": [
{
"result": "warning",
"message": "reDOS - regular expression denial of service\n",
"message_filename": "/opt/appdlobc8sm/TA-druva/appserver/static/js/build/common.js",
"message_line": null
}
]
}
]
}
Usually the error "reDOS - regular expression denial of service" in jQuery is related to the jQuery-validation library, but we aren’t using any such library. Is it fine to submit the app with this warning? If not, kindly suggest how to fix this issue.