DataTables Improper Neutralization of Input During Web Page Generation ('Cross-siteScripting') Vulnerability
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it wouldnot have its contents escaped.
ASP.NET, WebForm, 下面哪個套件會需要 jquery.datatables 1.10.15 套件?
AngleSharp 0.17.1
AngleSharp.Css 0.17.0
Antlr 3.5.0.2
Aspose.Cells 25.3.0
Autofac 8.2.0
Autofac.WebApi2 6.1.1
bootstrap 3.4.1
BouncyCastle.Cryptography 2.5.1
ByteSize 2.1.2
ClosedXML 0.104.2
ClosedXML.Parser 1.3.0
DocumentFormat.OpenXml 3.3.0
DocumentFormat.OpenXml.Framework 3.3.0
DotNetZip 1.16.0
EFUtilities 1.0.2
elmah 1.2.2
elmah.corelibrary 1.2.2
EntityFramework 6.5.1
Enums.NET 5.0.0
ExcelDataReader 3.7.0
ExcelDataReader.DataSet 3.7.0
ExcelNumberFormat 1.1.0
ExtendedNumerics.BigDecimal 3000.0.3.40
FastMember 1.5.0
FastMember.Signed 1.5.0
FreeDataExports 1.1.12
html5-shiv 3.7.3
HtmlSanitizer 9.0.876
Irony 1.5.3
Irony.NetCore 1.1.11
JetBrains.Annotations 2024.3.0
jQuery 3.7.1
jQuery.UI.Combined 1.14.1
js-cookie 2.2.1
LinqKit 1.3.8
LinqKit.Core 1.2.8
LogicExtensions 0.0.3
MailKit 4.11.0
MathNet.Numerics.Signed 5.0.0
Microsoft.AspNet.FriendlyUrls 1.0.2
Microsoft.AspNet.FriendlyUrls.Core 1.0.2
Microsoft.AspNet.FriendlyUrls.Core.zh-Hant 1.0.2
Microsoft.AspNet.Identity.Core 2.2.4
Microsoft.AspNet.Identity.Core.zh-Hant 2.2.4
Microsoft.AspNet.Identity.EntityFramework 2.2.4
Microsoft.AspNet.Identity.EntityFramework.zh-Hant 2.2.4
Microsoft.AspNet.Identity.Owin 2.2.4
Microsoft.AspNet.Identity.Owin.zh-Hant 2.2.4
Microsoft.AspNet.Providers.Core 2.0.0
Microsoft.AspNet.Providers.Core.zh-Hant 2.0.0
Microsoft.AspNet.ScriptManager.MSAjax 5.0.0
Microsoft.AspNet.ScriptManager.WebForms 5.0.0
Microsoft.AspNet.Web.Optimization 1.1.3
Microsoft.AspNet.Web.Optimization.WebForms 1.1.3
Microsoft.AspNet.Web.Optimization.zh-Hant 1.1.3
Microsoft.AspNet.WebApi 5.3.0
Microsoft.AspNet.WebApi.Client 6.0.0
Microsoft.AspNet.WebApi.Client.zh-Hant 6.0.0
Microsoft.AspNet.WebApi.Core 5.3.0
Microsoft.AspNet.WebApi.Core.zh-Hant 5.3.0
Microsoft.AspNet.WebApi.WebHost 5.3.0
Microsoft.AspNet.WebApi.WebHost.zh-Hant 5.3.0
Microsoft.Bcl.AsyncInterfaces 9.0.3
Microsoft.Bcl.Build 1.0.21
Microsoft.Bcl.Cryptography 9.0.3
Microsoft.Bcl.HashCode 6.0.0
Microsoft.CSharp 4.7.0
Microsoft.Extensions.DependencyInjection 9.0.3
Microsoft.Extensions.DependencyInjection.Abstractions 9.0.3
Microsoft.IO.RecyclableMemoryStream 3.0.1
Microsoft.NETCore.Platforms 7.0.4
Microsoft.Owin 4.2.2
Microsoft.Owin.Host.SystemWeb 4.2.2
Microsoft.Owin.Security 4.2.2
Microsoft.Owin.Security.Cookies 4.2.2
Microsoft.Owin.Security.OAuth 4.2.2
Microsoft.Web.Infrastructure 2.0.0
Microsoft.Win32.Primitives 4.3.0
MimeKit 4.11.0
Modernizr 2.8.3
Moment.js 2.30.1
NETStandard.Library 2.0.3
Newtonsoft.Json 13.0.3
Newtonsoft.Json.Bson 1.0.3
NLog 5.4.0
NLog.Schema 5.4.0
NPOI 2.7.3
Npoi.Mapper 6.2.2
Oracle.ManagedDataAccess 23.7.0
Owin 1.0
popper.js 1.16.1
Portable.BouncyCastle 1.9.0
RBush 4.0.0
Respond 1.4.2
RestSharp 106.15.0
SendGrid 9.29.3
SendGrid.CSharp.HTTP.Client 3.4.12
SendGrid.SmtpApi 1.4.6
SharpZipLib 1.4.2
SixLabors.Fonts 1.0.1
SixLabors.ImageSharp 3.1.7
starkbank-ecdsa 1.3.3
Swashbuckle 5.6.0
Swashbuckle.Core 5.6.0
System.AppContext 4.3.0
System.Buffers 4.6.1
System.Collections 4.3.0
System.Collections.Concurrent 4.3.0
System.Collections.Immutable 9.0.3
System.Configuration.ConfigurationManager 9.0.3
System.Console 4.3.1
System.Diagnostics.Debug 4.3.0
System.Diagnostics.DiagnosticSource 9.0.3
System.Diagnostics.Tools 4.3.0
System.Diagnostics.Tracing 4.3.0
System.Formats.Asn1 9.0.3
System.Globalization 4.3.0
System.Globalization.Calendars 4.3.0
System.IO 4.3.0
System.IO.Compression 4.3.0
System.IO.Compression.ZipFile 4.3.0
System.IO.FileSystem 4.3.0
System.IO.FileSystem.Primitives 4.3.0
System.IO.Packaging 9.0.3
System.IO.Pipelines 9.0.3
System.IO.UnmanagedMemoryStream 4.3.0
System.Linq 4.3.0
System.Linq.Dynamic.Core 1.6.0.2
System.Linq.Expressions 4.3.0
System.Linq.Queryable 4.3.0
System.Memory 4.6.2
System.Net.Http 4.3.4
System.Net.Primitives 4.3.1
System.Net.Sockets 4.3.0
System.Numerics.Vectors 4.6.1
System.ObjectModel 4.3.0
System.Reflection 4.3.0
System.Reflection.Emit.ILGeneration 4.7.0
System.Reflection.Emit.Lightweight 4.7.0
System.Reflection.Extensions 4.3.0
System.Reflection.Primitives 4.3.0
System.Resources.ResourceManager 4.3.0
System.Runtime 4.3.1
System.Runtime.CompilerServices.Unsafe 6.1.1
System.Runtime.Extensions 4.3.1
System.Runtime.Handles 4.3.0
System.Runtime.InteropServices 4.3.0
System.Runtime.InteropServices.RuntimeInformation 4.3.0
System.Runtime.Numerics 4.3.0
System.Security.AccessControl 6.0.1
System.Security.Cryptography.Algorithms 4.3.1
System.Security.Cryptography.Encoding 4.3.0
System.Security.Cryptography.Pkcs 9.0.3
System.Security.Cryptography.Primitives 4.3.0
System.Security.Cryptography.X509Certificates 4.3.2
System.Security.Cryptography.Xml 9.0.3
System.Security.Permissions 9.0.3
System.Security.Principal.Windows 5.0.0
System.Text.Encoding 4.3.0
System.Text.Encoding.CodePages 9.0.3
System.Text.Encoding.Extensions 4.3.0
System.Text.Encodings.Web 9.0.3
System.Text.Json 9.0.3
System.Text.RegularExpressions 4.3.1
System.Threading 4.3.0
System.Threading.Tasks 4.3.0
System.Threading.Tasks.Extensions 4.6.2
System.Threading.Tasks.Parallel 4.3.0
System.Threading.Timer 4.3.0
System.ValueTuple 4.6.1
System.Xml.ReaderWriter 4.3.1
System.Xml.XDocument 4.3.0
vue 2.6.11
WebActivatorEx 2.2.0
WebGrease 1.6.0
X.PagedList 10.5.7
XLParser 1.7.5
ChatGPT 說:
在這些套件中,jquery.datatables 1.10.15 這個套件會通常是由那些需要處理資料表格並提供高度互動性的功能(例如排序、搜尋、分頁等)來使用。如果你的專案中有使用到 DataTables 函式庫來增強表格功能,這個套件將會是需要的。
根據你的清單,並沒有直接顯示 jquery.datatables 1.10.15。可能需要你額外加入這個套件,或者有其他套件會依賴它。例如,如果你有使用 jQuery 且有資料表格的功能需求,這時候可能會需要 jquery.datatables。
如果是問是否有其他套件會隱式依賴 jquery.datatables,常見的情況是:
* 任何涉及 UI 表格展示並需要高度互動的庫,像是 Bootstrap (搭配 DataTables 的樣式)。
* 某些前端的資料顯示框架或插件,可能會需要這個套件來增強表格功能。
你可以進一步檢查專案中是否有這類需求,並安裝 jquery.datatables。
<script type="text/javascript" src="<%= Page.ResolveClientUrl("~/Scripts/DataTables/jquery.dataTables.min.js") %>"></script>
沒有留言:
張貼留言