Angular, jquery vulnerabilities

Hi all,

We started using Matomo recently, but it was flagged by our security scanner with the following vulnerabilities in the angular and jquery dependencies:

sonatype-2016-0064 - angular 1.8.2
sonatype-2019-0115 - jquery 2.2.4
sonatype-2014-0026 - jquery 2.2.4
CVE-2020-11023 - jquery 2.2.4
sonatype-2016-0107 - jquery 2.2.4
sonatype-2020-0187 - jquery 2.2.4

Can I check if anybody has faced this problem, or if there is any recommended fix?

@SteveG, what is your opinion?

We are checking all angular and jquery vulnerabilities to see if they affect Matomo in any way. All currently known ones only affect parts that we don’t use, or we implemented custom fixes (that most likely won’t be detected by security scanners).
There should currently be no vulnerability that can be used to harm Matomo or its users.
If you think you found one and you are able to provide a proof of concept of how it can be used, feel free to report it within our security program: https://matomo.org/security/
