## Critical jQuery 1.8.0 Vulnerabilities Exposed in GitHub Repository, Highest Severity 6.9
A critical security exposure has been identified within a public GitHub repository, where an outdated and vulnerable version of the jQuery library is actively deployed. The file `jquery-1.8.0.min.js` contains six documented vulnerabilities, with the highest severity scoring 6.9 on the CVSS scale. This library is embedded in the project's web content, specifically at `/WebContent/swagger/lib/`, which exposes any application or service built from this codebase that serves this content. The presence of such an antiquated library in a modern code commit signals a significant oversight in dependency management and software supply chain security.

The vulnerable component is the ubiquitous jQuery JavaScript library, used for DOM operations. The specific version, 1.8.0, was released over a decade ago and has multiple known security flaws for which patches have long been available in later releases. The library is being sourced from a public CDN (cdnjs.cloudflare.com), but external hosting does nothing to offset the risk of the outdated version. The finding is tied to a specific commit (`afe22653203bf14c06795c5dabac9deb7b059e42`) in the `MendPerformance/engine-handler-19540` repository, confirming the vulnerable code is part of the current project HEAD and not legacy, archived material.

This exposure creates immediate risk for any application inheriting this code. The vulnerabilities could potentially allow for cross-site scripting (XSS), denial of service, or other client-side attacks, depending on how the jQuery functions are utilized. Organizations using or forking this repository need to remediate urgently by upgrading the jQuery dependency to a patched version. The incident highlights the persistent threat of unmaintained open-source dependencies within software development pipelines and the ease with which high-severity flaws can be propagated through public code repositories.
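
A check like the following can catch vendored copies such as `jquery-1.8.0.min.js` under `/WebContent/swagger/lib/` before they reach HEAD. It is an added example, not code from the repository or the original report; the function names, the constructed stub files and the `(3, 5, 0)` version floor are assumptions, so set the floor to the version your advisory names.

```python
import os
import re
import tempfile

# Version in the banner comment; tolerates a stray "@" before the number.
BANNER_RE = re.compile(rb"jQuery (?:JavaScript Library )?v@?(\d+)\.(\d+)\.(\d+)")
# Fallback: version in a file name such as jquery-1.8.0.min.js.
NAME_RE = re.compile(r"^jquery[-.](\d+)\.(\d+)\.(\d+)(?:[.-][\w.]+)?\.js$", re.I)

def jquery_version(path):
    """Return (major, minor, patch) for a jQuery core file, else None."""
    name = os.path.basename(path).lower()
    if not (name.startswith("jquery") and name.endswith(".js")):
        return None
    with open(path, "rb") as fh:
        head = fh.read(2048)  # the banner sits at the top of the file
    m = BANNER_RE.search(head) or NAME_RE.match(name)
    return tuple(int(g) for g in m.groups()) if m else None

def scan(root, minimum):
    """Return sorted (relative_path, version) for copies older than minimum."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            version = jquery_version(path)
            if version is not None and version < minimum:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, version))
    return sorted(findings)

def demo():
    """Scan a constructed tree that mirrors the path named in the report."""
    stubs = {  # constructed one-line stubs, not real library code
        "jquery-1.8.0.min.js": "/*! jQuery v@1.8.0 jquery.com */\n",
        "jquery.min.js": "/*! jQuery v3.7.1 | (c) OpenJS Foundation */\n",
        "jquery-1.12.4.js": "// banner stripped by a build step\n",
        "jquery.slideto.min.js": "(function(){})();\n",  # plugin, no core banner
    }
    with tempfile.TemporaryDirectory() as root:
        lib = os.path.join(root, "WebContent", "swagger", "lib")
        os.makedirs(lib)
        for name, body in stubs.items():
            with open(os.path.join(lib, name), "w") as fh:
                fh.write(body)
        return scan(root, minimum=(3, 5, 0))  # assumed policy floor

if __name__ == "__main__":
    for rel, version in demo():
        print(rel, ".".join(map(str, version)))
```

Run as a pre-merge step, `scan()` returning a non-empty list is the signal to fail the build; the banner is checked before the file name because vendored files are often renamed.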
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: cybersecurity, vulnerability, open-source, github, software-supply-chain
- **Credibility**: unverified
- **Published**: 2026-04-07 10:27:13
- **ID**: 52874
- **URL**: https://whisperx.ai/en/intel/52874