It is estimated that the impact of this problem could be serious, since this library is currently used by more than 70% of functional websites; most sites still use the 1.x and 2.x versions of the library, which leaves them vulnerable to this flaw.
A patch correcting this flaw was recently released, three years after the last security update the library received, cybersecurity experts note.
Cybersecurity experts have shown that an attacker exploiting the vulnerability (identified as CVE-2019-11358) can assign themselves administrator privileges in a web application that uses the jQuery library code.
In addition, experts recommend that web developers working with this library update as soon as possible to the latest version of jQuery (v3.4.0). According to the reports, the most recent version of the library also includes fixes for some undesirable behaviors seen when using the library; technical details about each of these fixes can be found on the official jQuery developers' blog.
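To act on the update recommendation, a site owner first needs to know which bundled copies of jQuery predate 3.4.0. The following is an added example, not code from the jQuery project or from the reports cited here: it reads the version banner at the top of each script and flags anything older than the fixed release. The file paths and file contents are constructed sample data, and the function names are hypothetical.

```javascript
// Added example: flag bundled jQuery copies older than the release
// the article recommends (3.4.0). Names and sample data are illustrative.
const FIXED = [3, 4, 0];

// jQuery's distributed files open with a banner comment, for example
// "/*! jQuery v1.12.4 | ..." (minified) or "jQuery JavaScript Library v2.2.4".
const BANNER = /jQuery (?:JavaScript Library )?v(\d+)\.(\d+)\.(\d+)/;

// Return [major, minor, patch] from the banner, or null if none is found.
function jqueryVersion(source) {
  const m = BANNER.exec(source.slice(0, 512)); // banner sits at the top
  return m ? m.slice(1, 4).map(Number) : null;
}

// Numeric comparison, so that 3.10.0 is not treated as older than 3.4.0.
function isOlder(v, ref) {
  for (let i = 0; i < 3; i++) {
    if (v[i] !== ref[i]) return v[i] < ref[i];
  }
  return false;
}

// files: { path: file contents }. Returns one finding per file.
function audit(files) {
  return Object.entries(files).map(([path, source]) => {
    const v = jqueryVersion(source);
    if (!v) return { path, version: null, status: "unknown" };
    const status = isOlder(v, FIXED) ? "update" : "ok";
    return { path, version: v.join("."), status };
  });
}

// Constructed sample inputs: the first bytes of hypothetical asset files.
const SAMPLE = {
  "static/jquery-1.12.4.min.js":
    "/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */",
  "static/jquery-2.2.4.js":
    "/*!\n * jQuery JavaScript Library v2.2.4\n * http://jquery.com/\n */",
  "static/jquery.min.js":
    "/*! jQuery v3.4.0 | (c) JS Foundation and other contributors */",
  "static/app.js": "(function(){console.log('app')})();",
};

for (const r of audit(SAMPLE)) {
  console.log(r.status.padEnd(8), r.version ?? "-", r.path);
}
```

The banner is only a heuristic: a build that strips comments reports `unknown`, and a copy with a vendor-backported fix still reports its original version, so treat the output as a list of files to review.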