cancel
Showing results for 
Search instead for 
Did you mean: 

Security Scan failed SUPEE-10975

Security Scan failed SUPEE-10975

Hello, my Magento 1.9.1 is patched with The SUPEE-10975 and ok, but since yesterday i have a security scan failed :

SUPEE-10975 - Failed.
Outdated JQuery library v.1.12.0 found (PRODSECBUG-2108), got '301'.

 

Thanks

8 REPLIES 8

Re: Security Scan failed SUPEE-10975

@Stef82000I doubt it's a false positive. Possibly a third party extension is installed and using an outdated version of jquery or something else. My recommendation would be to connect with Magento security team security@magento.com and provide the details like your website and issue you are seeing.

 

They will be able to resolve your issue asap.

 

Problem solved? Please give 'Kudos' and accept 'Answer as Solution'.

- Tarandeep
Problem solved?Please give 'Kudos' and accept 'Answer as Solution'.

Re: Security Scan failed SUPEE-10975

Hi @Stef82000 

 

Check page.xml file of your custom theme. If it has following version of jQuery

<action method="addJs"><script>lib/jquery/jquery-1.12.0.min.js</script></action>

then you should upgrade it to 

<action method="addJs"><script>lib/jquery/jquery-1.12.1.min.js</script></action>
---
Problem Solved Click Accept as Solution!:Magento Community India Forum

Re: Security Scan failed SUPEE-10975

No i dont't have this one. But in my log, i see the scan try to GET xxx.org/js/lib/jquery/jquery-1.12.0.min.js and a redirection is made to 1.12.1, so the result is 301. 

The scan was ok since 5 days ago.

Re: Security Scan failed SUPEE-10975

@Stef82000 What @Mukesh Tiwari recommended is going to be your most likely answer.

 

The security scan is returning a 301 for that which means that somewhere in your site there is a reference to that exact file. Search your entire codebase for it is you don't find it in page.xml (although this is where it most likely is).

 

Re: Security Scan failed SUPEE-10975

Thanks for your help, but I Don't have this line, and 1.12.0 file doesn't exist

Re: Security Scan failed SUPEE-10975

@Stef82000 have you found any solution? I am having the same issue. I see entire codebase but file is not there. I have also checked from console to see which jquery is loading using this 

console.log(window.jQuery.fn.jquery); it showing 1.12.1. don't know from where scan finds old Jquery.

Re: Security Scan failed SUPEE-10975

I still have the same problem. I ausi, I checked everything but no solution. Can you inform me if you find the solution

Re: Security Scan failed SUPEE-10975

Hello,

 

HTTP 301 (Moved permanently) is obviously not the correct server response for the item that does not exist.

Security Scanner Tool expects a simple HTTP 404 (Not Found) response code.