2021-09-15 19:01:11 +00:00
{
2022-11-04 00:01:05 +00:00
"data_version" : "4.0" ,
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
2021-09-15 19:01:11 +00:00
"CVE_data_meta" : {
"ID" : "CVE-2021-41183" ,
2022-11-04 00:01:05 +00:00
"ASSIGNER" : "security-advisories@github.com" ,
"STATE" : "PUBLIC"
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" ,
"cweId" : "CWE-79"
}
]
}
]
2021-09-15 19:01:11 +00:00
} ,
2021-10-26 14:30:17 +00:00
"affects" : {
"vendor" : {
"vendor_data" : [
{
2022-11-04 00:01:05 +00:00
"vendor_name" : "jquery" ,
2021-10-26 14:30:17 +00:00
"product" : {
"product_data" : [
{
"product_name" : "jquery-ui" ,
"version" : {
"version_data" : [
{
2023-08-31 03:00:32 +00:00
"version_affected" : "=" ,
"version_value" : "< 1.13.0"
2021-10-26 14:30:17 +00:00
}
]
}
}
]
2022-11-04 00:01:05 +00:00
}
2021-10-26 14:30:17 +00:00
}
]
}
} ,
"references" : {
"reference_data" : [
2021-10-26 15:01:05 +00:00
{
2022-11-04 00:01:05 +00:00
"url" : "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/" ,
2021-10-26 15:01:05 +00:00
"refsource" : "MISC" ,
2022-11-04 00:01:05 +00:00
"name" : "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
2021-10-26 15:01:05 +00:00
} ,
2023-08-31 03:00:32 +00:00
{
"url" : "https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4" ,
"refsource" : "MISC" ,
"name" : "https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4"
} ,
2021-10-26 14:30:17 +00:00
{
2022-11-04 00:01:05 +00:00
"url" : "https://github.com/jquery/jquery-ui/pull/1953" ,
"refsource" : "MISC" ,
"name" : "https://github.com/jquery/jquery-ui/pull/1953"
2021-10-26 14:30:17 +00:00
} ,
{
2022-11-04 00:01:05 +00:00
"url" : "https://bugs.jqueryui.com/ticket/15284" ,
2021-10-26 14:30:17 +00:00
"refsource" : "MISC" ,
2022-11-04 00:01:05 +00:00
"name" : "https://bugs.jqueryui.com/ticket/15284"
2021-10-26 14:30:17 +00:00
} ,
{
2023-08-31 03:00:32 +00:00
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/" ,
2021-10-26 14:30:17 +00:00
"refsource" : "MISC" ,
2023-08-31 03:00:32 +00:00
"name" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
2021-11-18 08:00:58 +00:00
} ,
2021-11-20 03:01:00 +00:00
{
2023-08-31 03:00:32 +00:00
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/" ,
2022-11-04 00:01:05 +00:00
"refsource" : "MISC" ,
2023-08-31 03:00:32 +00:00
"name" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
2021-11-20 03:01:00 +00:00
} ,
{
2023-08-31 03:00:32 +00:00
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/" ,
2022-11-04 00:01:05 +00:00
"refsource" : "MISC" ,
2023-08-31 03:00:32 +00:00
"name" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
2021-11-20 04:00:58 +00:00
} ,
{
2023-08-31 03:00:32 +00:00
"url" : "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html" ,
2022-11-04 00:01:05 +00:00
"refsource" : "MISC" ,
2023-08-31 03:00:32 +00:00
"name" : "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
2022-01-19 21:01:06 +00:00
} ,
2022-04-20 00:01:41 +00:00
{
2023-08-31 03:00:32 +00:00
"url" : "https://www.drupal.org/sa-core-2022-002" ,
2022-11-04 00:01:05 +00:00
"refsource" : "MISC" ,
2023-08-31 03:00:32 +00:00
"name" : "https://www.drupal.org/sa-core-2022-002"
2022-04-20 00:01:41 +00:00
} ,
2022-01-19 22:01:34 +00:00
{
2023-08-31 03:00:32 +00:00
"url" : "https://www.oracle.com/security-alerts/cpuapr2022.html" ,
2022-11-04 00:01:05 +00:00
"refsource" : "MISC" ,
2023-08-31 03:00:32 +00:00
"name" : "https://www.oracle.com/security-alerts/cpuapr2022.html"
2022-01-19 22:01:34 +00:00
} ,
2022-04-20 00:01:41 +00:00
{
2022-11-04 00:01:05 +00:00
"url" : "https://security.netapp.com/advisory/ntap-20211118-0004/" ,
2022-04-20 00:01:41 +00:00
"refsource" : "MISC" ,
2022-11-04 00:01:05 +00:00
"name" : "https://security.netapp.com/advisory/ntap-20211118-0004/"
2022-04-20 00:01:41 +00:00
} ,
2023-08-31 03:00:32 +00:00
{
"url" : "https://www.drupal.org/sa-contrib-2022-004" ,
"refsource" : "MISC" ,
"name" : "https://www.drupal.org/sa-contrib-2022-004"
} ,
2022-01-19 22:01:34 +00:00
{
2022-11-04 00:01:05 +00:00
"url" : "https://www.drupal.org/sa-core-2022-001" ,
"refsource" : "MISC" ,
"name" : "https://www.drupal.org/sa-core-2022-001"
2022-01-19 22:01:34 +00:00
} ,
2023-08-31 03:00:32 +00:00
{
"url" : "https://www.oracle.com/security-alerts/cpujul2022.html" ,
"refsource" : "MISC" ,
"name" : "https://www.oracle.com/security-alerts/cpujul2022.html"
} ,
2022-01-19 21:01:06 +00:00
{
2022-11-04 00:01:05 +00:00
"url" : "https://www.tenable.com/security/tns-2022-09" ,
2022-01-19 21:01:06 +00:00
"refsource" : "MISC" ,
2022-11-04 00:01:05 +00:00
"name" : "https://www.tenable.com/security/tns-2022-09"
2022-01-19 22:01:34 +00:00
} ,
{
2022-11-04 00:01:05 +00:00
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/" ,
"refsource" : "MISC" ,
"name" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
2022-04-20 18:01:35 +00:00
} ,
2022-07-25 19:01:27 +00:00
{
2022-11-04 00:01:05 +00:00
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/" ,
2022-07-25 19:01:27 +00:00
"refsource" : "MISC" ,
2022-11-04 00:01:05 +00:00
"name" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
2022-07-25 19:01:27 +00:00
} ,
2022-04-20 18:01:35 +00:00
{
2023-08-31 03:00:32 +00:00
"url" : "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" ,
2022-11-04 00:01:05 +00:00
"refsource" : "MISC" ,
2023-08-31 03:00:32 +00:00
"name" : "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
2021-09-15 19:01:11 +00:00
}
]
2021-10-26 14:30:17 +00:00
} ,
"source" : {
"advisory" : "GHSA-j7qv-pgf6-hvh4" ,
"discovery" : "UNKNOWN"
2022-11-04 00:01:05 +00:00
} ,
"impact" : {
"cvss" : [
{
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 6.5 ,
"baseSeverity" : "MEDIUM"
}
]
2021-09-15 19:01:11 +00:00
}
}
