thr3ads.net - Secure testing team - [Secure-testing-team] prototypejs, scriptaculous embedded in libhtml-prototype-perl [Nov 2009]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Ansgar Burchardt

2009-Nov-30 08:14 UTC

[Secure-testing-team] prototypejs, scriptaculous embedded in libhtml-prototype-perl

Hi,

please add the following information to the list of embedded code
copies:

prototypejs
 - libhtml-prototype-perl <unfixed> (embed; bug #538920)

scriptaculous
 - libhtml-prototype-perl <unfixed> (embed; bug #538920)

Note that the JavaScript libraries are included in the Perl module
sources, so they are easy to miss.  They are also quite outdated:
the included prototype version is 1.4.0, the script.aculo.us library
have a copyright year of 2005 (I did not see a version number).

I suspect the included versions might also be affected by some recent
security issues?  At least CVE-2007-2383, CVE-2008-7220 look
suspicious.

Regards,
Ansgar

Secure testing team - Nov 2009 - prototypejs, scriptaculous embedded in libhtml-prototype-perl

[Secure-testing-team] prototypejs, scriptaculous embedded in libhtml-prototype-perl