Vulnerable JS Library jquery.dataTables 1.10.20 on asdc.larc.nasa.gov

Disclosed by
4m3rr0r
Summary by National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program

Site's version has been updated.

Summary by 4m3rr0r

This report identified that the NASA ASDC site uses an outdated version of the DataTables JavaScript library (v1.10.20), which is affected by known vulnerabilities (CVE-2020-7662, CVE-2020-28458, CVE-2021-23445). These bugs could lead to XSS or prototype pollution if exploited in certain contexts. The report was responsibly submitted and acknowledged. Upgrade to the latest version (v1.11.3+) is recommended.

Activity