UBUNTU-CVE-2021-41184

Source
https://ubuntu.com/security/CVE-2021-41184
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-41184.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-41184
Related
Published
2021-10-26T15:15:00Z
Modified
2021-10-26T15:15:00Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. A workaround is to not accept the value of the of option from untrusted sources.

References

Affected packages

Ubuntu:Pro:18.04:LTS / jqueryui

Package

Name
jqueryui
Purl
pkg:deb/ubuntu/jqueryui?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.12.1+dfsg-5ubuntu0.18.04.1~esm2

Affected versions

1.*

1.12.1+dfsg-5

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.12.1+dfsg-5ubuntu0.18.04.1~esm2",
            "binary_name": "libjs-jquery-ui"
        },
        {
            "binary_version": "1.12.1+dfsg-5ubuntu0.18.04.1~esm2",
            "binary_name": "libjs-jquery-ui-docs"
        },
        {
            "binary_version": "1.12.1+dfsg-5ubuntu0.18.04.1~esm2",
            "binary_name": "node-jquery-ui"
        }
    ]
}

Ubuntu:20.04:LTS / jqueryui

Package

Name
jqueryui
Purl
pkg:deb/ubuntu/jqueryui?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.12.1+dfsg-5ubuntu0.20.04.1

Affected versions

1.*

1.12.1+dfsg-5

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.12.1+dfsg-5ubuntu0.20.04.1",
            "binary_name": "libjs-jquery-ui"
        },
        {
            "binary_version": "1.12.1+dfsg-5ubuntu0.20.04.1",
            "binary_name": "libjs-jquery-ui-docs"
        },
        {
            "binary_version": "1.12.1+dfsg-5ubuntu0.20.04.1",
            "binary_name": "node-jquery-ui"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / jqueryui

Package

Name
jqueryui
Purl
pkg:deb/ubuntu/jqueryui?arch=src?distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.12.1+dfsg-5ubuntu0.20.04.1

Affected versions

1.*

1.12.1+dfsg-5
1.12.1+dfsg-5ubuntu0.1~esm2
1.12.1+dfsg-5ubuntu0.20.04.1~esm3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.12.1+dfsg-5ubuntu0.20.04.1",
            "binary_name": "libjs-jquery-ui"
        },
        {
            "binary_version": "1.12.1+dfsg-5ubuntu0.20.04.1",
            "binary_name": "libjs-jquery-ui-docs"
        },
        {
            "binary_version": "1.12.1+dfsg-5ubuntu0.20.04.1",
            "binary_name": "node-jquery-ui"
        }
    ]
}