F5 Out of date jQuery bootstrap version

Question

Is F5 affected by Out of date jQuery bootstrap version vulnerability CVE-2024-6531 and CVE-2020-11022, and can we remove bootstrap.min.js file from F5 APM.

As verified bootstrap is not part of BIG-IP third-party software matrix list

And even in Big IP version 17.x the jquery version shows as v1.10

vishnugatla · Answer

I have searched in our F5 articles regarding - CVE-2020-11022 and found the below

K02453220: jQuery vulnerability CVE-2020-11022 - Restrict management access

K39313545: How to check jQuery version installed on BIG-IP

gdc1-trg-f5 · Answer

As per&nbsp;K02453220 jQuery versions greater than or equal to 1.2 and before 3.5.0 is affected, and as verified the jquery version shows as v1.10 even on the latest 17.x version.&nbsp;So other than the mitigation mentioned in the article K02453220 is there any available fix for the same ?&nbsp;&nbsp;

vishnugatla · Answer

As mentioned in that article, there’s currently no software fix or patch available for 17.x. However, you can restrict management access to trusted networks and users, as described in the article. I’m providing this information based on the article, but if you need more details, feel free to open a ticket with F5 support to get more information.

Forum Discussion

F5 Out of date jQuery bootstrap version

3 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

AST Configuration Assistance

Adding logging to APM per-request policy without SWG license

Single LTM with multiple GTM domains

License activation

Syslog server not visible in GUI

Related Content

Recommended Version

TMOS Version Update Paths

Set HTTP version

BIGdiff Version 2

HTTP iApp - downloadable version

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS