JavaScript Vulnerabilities Identified During Security Testing on Mapviewer 12c (Doc ID 2949519.1)

Last updated on MAY 19, 2023

Applies to:

Oracle Spatial and Graph - Version 19.18.0.0.0 and later
Information in this document applies to any platform.

Symptoms

The following JavaScript vulnerabilities have been identified during security testing. The resolution is to upgrade some of the JavaScript libraries to a later version.

URL: https://<url>/analytics
Library: jquery version 3.3.1, which has vulnerabilities (CVE-2019-11358, CVE-2020-11022, and CVE-2020-11023)

URL: https://<url>/jquery-3.3.1.js
Library: jquery version 3.3.1, which has vulnerabilities (CVE-2019-11358, CVE-2020-11022, and CVE-2020-11023)

URL: https://<url>/analytics/saw.dll
Library: jquery version 3.3.1, which has vulnerabilities (CVE-2019-11358, CVE-2020-11022, and CVE-2020-11023)

URL: https://<url>/jquery-2.1.3.min.js
Library: jquery version 2.1.3.min which has vulnerabilities (CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, and CVE-2020-11023)

URL: https://<url>/knockout-3.3.0.js
Library: knockout version 3.3.0, which has an XSS injection point in the attr name binding for IE7 and older browsers (https://github.com/knockout/knockout/issues/1244)

Cause
