Google Play Store security alert says that your app contains vulnerable JavaScript libraries. How to remove the security warning?

小鲜肉 2021-01-04 06:21

In Google Play Store I am getting a warning like the one below:

Your app contains one or more libraries with known security issues. Please see this Google Help Center artic

4 answers
  • 2021-01-04 06:30

    I have solved this using the jQuery from CDN.

    I am using jQueryMobile in my apps which is not supported by jQuery v3+. So, I had no choice but to stick with jQuery v2. So, I have used Google's CDN instead of local .js file and it worked!

  • 2021-01-04 06:32

    This issue refers to an old vulnerability of jQuery from your res/raw/jquery_min.js file.

    Just update the jquery_min.js to v3.4.1 and it is fixed.

    You can fix it manually in your file by changing the code:

    From:

    if(null!=(e=arguments[s]))for(t in e)n=a[t],a!==(r=e[t])&&(l&&r&&(w.isPlainObject(r)||

    To:

    if(null!=(e=arguments[s]))for(t in e)n=a[t],r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(w.isPlainObject(r)||

    I found this solution at https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/ and it worked for me.

  • 2021-01-04 06:34
    1. Use the latest jQuery v3.4.0+.
    2. If the old jQuery v1.x/v2.x must be used because your code or third-party libraries depend on it (like jQuery Mobile, etc.), you can take a patch from DanielRuf's snyk-js-jquery-174006 (*)

    (*) But I am not sure how Google determines whether the jQuery file in the APK has the vulnerability or has been patched... needs testing (**)

    Updated 2/1/2020: using the patched file from method 2 above doesn't avoid the Google alert check. Removing the first comment line

    /*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */
    

    inside jquery-2.2.4.min.js (I also renamed it to jquery-patched.2.2.4.min.js) seems to have worked in my new release. (This worked even on the unpatched file in my test; it is still better to apply the patch.)

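The one-line patch quoted in the second answer, and the third answer's observation that deleting the version banner silences the alert even on an unpatched file, both argue for checking what the bundled file does rather than what its banner says. The following is an added example, not code from the thread or from jQuery's source: a readable deep merge with and without the `"__proto__"` guard, plus a behavioural probe. `makeExtend`, `isPollutable` and the `gpProbe_` marker are names made up here.

```javascript
// Readable stand-in for the minified loop quoted above (not jQuery's source).
function isPlainObject(v) {
  return Object.prototype.toString.call(v) === "[object Object]";
}

// Deep merge in the style of jQuery.extend(true, target, ...sources).
// `guard` toggles the "__proto__" check that the one-line patch adds.
function makeExtend(guard) {
  return function extend(target, ...sources) {
    for (const options of sources) {
      if (options == null) continue;
      for (const name in options) {
        const src = target[name];
        const copy = options[name];
        // Patched builds skip the "__proto__" key and self-references.
        if ((guard && name === "__proto__") || target === copy) continue;
        if (copy && (isPlainObject(copy) || Array.isArray(copy))) {
          const clone = Array.isArray(copy)
            ? (Array.isArray(src) ? src : [])
            : (isPlainObject(src) ? src : {});
          target[name] = extend(clone, copy);
        } else if (copy !== undefined) {
          target[name] = copy;
        }
      }
    }
    return target;
  };
}

// Behavioural probe: returns true if deep-merging parsed JSON reaches
// Object.prototype. Accepts any extend-like function (target, source).
function isPollutable(deepExtend) {
  const key = "gpProbe_" + Date.now(); // constructed marker name
  const payload = JSON.parse('{"__proto__":{"' + key + '":true}}');
  try {
    deepExtend({}, payload);
    return ({})[key] === true;
  } finally {
    delete Object.prototype[key]; // always clean up after the probe
  }
}

console.log("unguarded merge pollutable:", isPollutable(makeExtend(false)));
console.log("guarded merge pollutable:  ", isPollutable(makeExtend(true)));
```

To run the same probe against the jQuery copy an app actually ships, pass `(t, s) => jQuery.extend(true, t, s)` as `deepExtend` in a page that loads that file.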
  • 2021-01-04 06:35

    Security notification

    Your application contains one or more libraries that have general security issues. Please see this Google Help Center article for details.

    Vulnerable JavaScript library:

    Name: jquery
    Version: 2.2.4
    Known issue: SNYK-npm:jquery:20150627, SNYK-JS-JQUERY-174006
    File identified: assets/jquery-2.2.4.min.js

    Affects APK version 9.

    Problem: I have used jQuery version 3.4.1 and it has an effect on the appearance of my application. For example, in the display theme, the application icon is not visible and becomes messy.

    Correct ... I changed to version 3.4.1 and the security warning from Google was resolved, but the application icon is not visible and becomes messy.
