jQuery v2.1.3 Vulnerabilities

jQuery v2.1.3 is an outdated and unsupported version that contains several known security risks. Because the 2.x branch is no longer supported by the jQuery team, these vulnerabilities will not receive official patches.

Core Vulnerabilities in v2.1.3

: This was never patched in the 2.x branch; users are advised to upgrade to jQuery 3.0.0 or later.

2. Prototype Pollution (CVE-2019-11358)

The fix is straightforward but requires diligence. Upgrade to the 3.x branch, patch your code for breaking changes, and implement a Content Security Policy (CSP) as a second line of defense. If you cannot upgrade due to legacy constraints, isolate the jQuery code behind a web application firewall (WAF) that blocks common XSS patterns.