CVE-2021-41182
- Source
- https://cve.org/CVERecord?id=CVE-2021-41182
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41182.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-41182
- Aliases
- Downstream
- Related
- Published
- 2021-10-26T15:15:10.313Z
- Modified
- 2026-03-15T22:43:15.053569Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the
altFieldoption of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to thealtFieldoption is now treated as a CSS selector. A workaround is to not accept the value of thealtFieldoption from untrusted sources. - References
-
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
- https://security.netapp.com/advisory/ntap-20211118-0004/
- https://www.drupal.org/sa-contrib-2022-004
- https://www.drupal.org/sa-core-2022-002
- https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
- https://www.tenable.com/security/tns-2022-09
- https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/
- https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
Affected packages
Git / github.com/drupal/drupal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/drupal/drupal
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "9.0" }, { "introduced": "7.0" }, { "fixed": "7.86" }, { "introduced": "0" }, { "last_affected": "6.4" }, { "introduced": "0" }, { "last_affected": "4.3" }, { "introduced": "0" }, { "last_affected": "4.4" }, { "introduced": "0" }, { "last_affected": "5.0" }, { "introduced": "0" }, { "last_affected": "9.3.6" }, { "introduced": "0" }, { "last_affected": "6.4" }, { "introduced": "0" }, { "last_affected": "4.3" }, { "introduced": "0" }, { "last_affected": "4.4" }, { "introduced": "0" }, { "last_affected": "5.0" }, { "introduced": "0" }, { "last_affected": "9.1.0" } ] }
Affected versions
7.*
7.0
8.*
8.0-alpha10
8.0-alpha11
8.0-alpha12
8.0-alpha13
8.0-alpha2
8.0-alpha3
8.0-alpha4
8.0-alpha5
8.0-alpha6
8.0-alpha7
8.0-alpha8
8.0-alpha9
8.0.0
8.0.0-alpha14
8.0.0-alpha15
8.0.0-beta1
8.0.0-beta10
8.0.0-beta11
8.0.0-beta12
8.0.0-beta13
8.0.0-beta14
8.0.0-beta15
8.0.0-beta16
8.0.0-beta2
8.0.0-beta3
8.0.0-beta4
8.0.0-beta5
8.0.0-beta6
8.0.0-beta7
8.0.0-beta9
8.0.0-rc1
8.0.0-rc2
8.0.0-rc3
8.0.0-rc4
8.1.0-beta1
9.*
9.0.0
9.0.0-alpha1
9.0.0-alpha2
9.0.0-beta1
9.0.0-beta2
9.0.0-beta3
9.0.0-rc1
9.1.0
9.1.0-alpha1
9.1.0-beta1
9.1.0-rc1
9.1.0-rc2
9.1.0-rc3
9.3.0
9.3.0-alpha1
9.3.0-beta1
9.3.0-beta2
9.3.0-beta3
9.3.0-rc1
9.3.2
9.3.3
9.3.4
9.3.5
9.3.6
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "33"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "34"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "35"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "36"
}
]
},
{
"events": [
{
"introduced": "8.11.0"
},
{
"last_affected": "8.14.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.10.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.29"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "17.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "17.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "17.9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "17.10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "17.11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "17.12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "19.12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "20.12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "21.12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.2.1.3.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.2.1.4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.1.1.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.21.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "22.1.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.12.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "23.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "23.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.1"
}
]
},
{
"events": [
{
"introduced": "8.11.0"
},
{
"last_affected": "8.14.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.10.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.2.6.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.58"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.59"
}
]
},
{
"events": [
{
"introduced": "12.2.0"
},
{
"last_affected": "12.2.25"
}
]
},
{
"events": [
{
"introduced": "17.7"
},
{
"last_affected": "17.12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "19.12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "20.12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "21.12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "22.1.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "22.1.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.2.1.3.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.2.1.4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.1.1.0.0"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41182.json"