and other security researchers often show that over 80% of websites use a version of jQuery with at least one known vulnerability. The Delayed Discovery:
An attacker could steal session cookies, log keystrokes, or perform actions on behalf of the authenticated user. If your app uses $.parseHTML() or .html() with unsanitized user input, v2.1.3 provides no protection. jquery v2.1.3 vulnerabilities
- Search NVD (NIST National Vulnerability Database) or CVE.org for "jQuery 2.1.3" and other security researchers often show that over
The "Prototype Pollution" bug (CVE-2019-11358) wasn't disclosed until 2019—nearly five years after v2.1.3 was released. This means developers used the library for years believing it was secure while a fundamental flaw sat in the core code. Breaking Changes: jquery v2.1.3 vulnerabilities