CVE-2021-41183 (Medium) detected in jquery-ui-1.12.1.jar - autoclosed #390
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
Mend: dependency security vulnerability
1 task
mend-for-github-com
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2021-41183 - Medium Severity Vulnerability
WebJar for jQuery UI
Library home page: http://webjars.org
Path to dependency file: /web/nibrs-web/pom.xml
Path to vulnerable library: /canner/.m2/repository/org/webjars/jquery-ui/1.12.1/jquery-ui-1.12.1.jar,/web/nibrs-web/target/nibrs-web/WEB-INF/lib/jquery-ui-1.12.1.jar
Dependency Hierarchy:
Found in HEAD commit: e33ecd45d71662f63121c238ca1c416a6631a650
Found in base branch: master
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various
*Textoptions of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various*Textoptions are now always treated as pure text, not HTML. A workaround is to not accept the value of the*Textoptions from untrusted sources.Publish Date: 2021-10-26
URL: CVE-2021-41183
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41183
Release Date: 2021-10-26
Fix Resolution: 1.13.0
⛑️ Automatic Remediation will be attempted for this issue.
The text was updated successfully, but these errors were encountered: