Need fix, [call to on() in datatables.js on lines 14868, 15181 sets a callback to a race condition]

ppraj Posts: 4 Questions: 1 Answers: 0

datatables.js:14868 FunctionPointerCall: on()

14866 var nread = 0;
14867
14868 engine.on('error', onError);
14869 engine.on('end', onEnd);

datatables.js:15181 FunctionPointerCall: on()

15180 var error;
15181 this.on('error', function (er) {
15182 error = er;
15183 });

Answers

  • allan Posts: 56,849 Questions: 1 Answers: 9,035 Site admin

    Can you link to a test case showing the issue please? datatables.js is a combined file that has many possible options.

    Allan

  • ppraj Posts: 4 Questions: 1 Answers: 0

    Actually, this vulnerability was raised in the application security audit scan report, so we do not have any specific test cases related to this. Is there any possible fix for this?

    PP

  • allan Posts: 56,849 Questions: 1 Answers: 9,035 Site admin

    Not really because I still don’t know the contents of that file. As I say, there are many many ways that file can be configured. I’d need a copy of the file you are working with please.

    I don’t actually think we use the variable engine in our code, at least I can’t think where it would be, so it might be in one of the third party scripts that can be included in the code.

    Allan

  • ppraj Posts: 4 Questions: 1 Answers: 0

    After downloading the package from https://datatables.net/download/index with styling framework ->'DataTables', packages -> jquery 3, Datatables, Extensions -> Buttons-HTML5-jszip, pdfmake using the download method 'Download' tab. In the downloaded zip,
    download.js has the vulnerability statement engine.on('error', onError);
    pdfmake-0.1.36 -> pdfmake.js also has the vulnerability statement engine.on('error', onError);

    PP

  • allan Posts: 56,849 Questions: 1 Answers: 9,035 Site admin

    Thank you. Yes, as you note, that is in the pdfmake software, which is third party.

    I’ll get the version updated in our download builder, but until then, don’t select it in the download builder; just include your own local up-to-date version or use one from CDNJS or similar.

    Allan

  • ppraj Posts: 4 Questions: 1 Answers: 0

    OK. Thank you for your timely response and support.
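
Added example, not part of the original thread and not DataTables or pdfmake code: one way to attribute scanner findings in a combined file such as datatables.js to the bundled component that owns each flagged line, so the finding can be routed to the right upstream. It assumes each component in the bundle opens with a `/*!` licence banner; the function names are hypothetical and the sample bundle is constructed.

```javascript
// Constructed sample standing in for a combined datatables.js (not real code).
const SAMPLE_BUNDLE = [
  '/*! pdfmake v0.1.36 (constructed banner) */',
  'var nread = 0;',
  "engine.on('error', onError);",
  "engine.on('end', onEnd);",
  '/*! DataTables (constructed banner) */',
  'var DataTable = function () {};',
  '/*! Buttons for DataTables (constructed banner) */',
  'var Buttons = function () {};',
].join('\n');

// Return [{ line, name }] for every line that opens a "/*!" banner.
// Assumption: the bundler keeps one such banner at the start of each component.
function findBanners(source) {
  const banners = [];
  source.split(/\r?\n/).forEach((text, i) => {
    const m = text.match(/^\s*\/\*!\s*(.*?)\s*(\*\/\s*)?$/);
    if (m) banners.push({ line: i + 1, name: m[1] || '(unnamed banner)' });
  });
  return banners;
}

// Map one 1-based line number to the nearest banner at or above it.
function attributeLine(banners, lineNo) {
  let owner = null;
  for (const b of banners) {
    if (b.line > lineNo) break;
    owner = b;
  }
  return owner ? owner.name : '(before first banner)';
}

// Group scanner line numbers by owning component.
function attributeFindings(source, lineNos) {
  const banners = findBanners(source);
  const byComponent = {};
  for (const n of lineNos) {
    const name = attributeLine(banners, n);
    (byComponent[name] = byComponent[name] || []).push(n);
  }
  return byComponent;
}

console.log(attributeFindings(SAMPLE_BUNDLE, [3, 6]));
```

Against a real bundle, read the file with `fs.readFileSync` and pass the line numbers from the scan report; findings that land under a third-party banner belong with that library's version, not with the DataTables core.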