USN-6419-1

Source
https://ubuntu.com/security/notices/USN-6419-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6419-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-6419-1
Published
2023-10-05T12:36:27.583415Z
Modified
2023-10-05T12:36:27.583415Z
Summary
jqueryui vulnerabilities
Details

Hong Phat Ly discovered that jQuery UI did not properly manage parameters from untrusted sources, which could lead to arbitrary web script or HTML code injection. A remote attacker could possibly use this issue to perform a cross-site scripting (XSS) attack. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-7103)

Esben Sparre Andreasen discovered that jQuery UI did not properly handle values from untrusted sources in the Datepicker widget. A remote attacker could possibly use this issue to perform a cross-site scripting (XSS) attack and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-41182, CVE-2021-41183)

It was discovered that jQuery UI did not properly validate values from untrusted sources. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-41184)

It was discovered that the jQuery UI checkboxradio widget did not properly decode certain values from HTML entities. An attacker could possibly use this issue to perform a cross-site scripting (XSS) attack and cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-31160)

Affected packages

Ubuntu:Pro:14.04:LTS / jqueryui

Package

Name
jqueryui
Purl
pkg:deb/ubuntu/jqueryui?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.10.1+dfsg-1ubuntu0.14.04.1~esm1

Affected versions

1.*

1.10.1+dfsg-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1.10.1+dfsg-1ubuntu0.14.04.1~esm1",
            "binary_name": "libjs-jquery-ui"
        },
        {
            "binary_version": "1.10.1+dfsg-1ubuntu0.14.04.1~esm1",
            "binary_name": "libjs-jquery-ui-docs"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / jqueryui

Package

Name
jqueryui
Purl
pkg:deb/ubuntu/jqueryui?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.10.1+dfsg-1ubuntu0.16.04.1~esm1

Affected versions

1.*

1.10.1+dfsg-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1.10.1+dfsg-1ubuntu0.16.04.1~esm1",
            "binary_name": "libjs-jquery-ui"
        },
        {
            "binary_version": "1.10.1+dfsg-1ubuntu0.16.04.1~esm1",
            "binary_name": "libjs-jquery-ui-docs"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / jqueryui

Package

Name
jqueryui
Purl
pkg:deb/ubuntu/jqueryui?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.12.1+dfsg-5ubuntu0.18.04.1~esm3

Affected versions

1.*

1.12.1+dfsg-5
1.12.1+dfsg-5ubuntu0.18.04.1~esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1.12.1+dfsg-5ubuntu0.18.04.1~esm3",
            "binary_name": "libjs-jquery-ui"
        },
        {
            "binary_version": "1.12.1+dfsg-5ubuntu0.18.04.1~esm3",
            "binary_name": "libjs-jquery-ui-docs"
        },
        {
            "binary_version": "1.12.1+dfsg-5ubuntu0.18.04.1~esm3",
            "binary_name": "node-jquery-ui"
        }
    ]
}

Ubuntu:20.04:LTS / jqueryui

Package

Name
jqueryui
Purl
pkg:deb/ubuntu/jqueryui?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.12.1+dfsg-5ubuntu0.20.04.1

Affected versions

1.*

1.12.1+dfsg-5

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1.12.1+dfsg-5ubuntu0.20.04.1",
            "binary_name": "libjs-jquery-ui"
        },
        {
            "binary_version": "1.12.1+dfsg-5ubuntu0.20.04.1",
            "binary_name": "libjs-jquery-ui-docs"
        },
        {
            "binary_version": "1.12.1+dfsg-5ubuntu0.20.04.1",
            "binary_name": "node-jquery-ui"
        }
    ]
}