February 25, 2014 - 15:21 UTC - Tags: retire retirejs owasp
After scanning Norway
and Alexa Top 100,000
, I decided to scan the Fortune 500 companies.
Again I would like to stress, that using a library with a known vulnerability, does not necessarily mean the site is vulnerable, because the vulnerable code may not be used.
In the charts below red means the version has a known vulnerability
jQuery is a very widely used library. I was surprised however to find so many different and old versions in use
Loads of different versions
Betas and release candidates in use here
The Yahoo User Interface Library is also quite widely used
Quite a number of versions in use