
jquery-ui prior to version 1.13.0 has issue CVE-2021-41182

Open zhuangxy opened this issue 3 years ago • 1 comments

Describe the bug

CVE-2021-41182 reports jqueryui issues prior to 1.13.0: https://nvd.nist.gov/vuln/detail/CVE-2021-41182

Latest notebook is using jquery-ui v1.12.1: https://github.com/jupyter/notebook/blob/master/bower.json

Expected behavior

Upgrade jqueryui to 1.13.0

Additional context

  • Version 6.4.6
  • Is there any workaround or suggestion I could try? Thank you

zhuangxy, Dec 22 '21 08:12

Just to confirm, jQuery UI <1.13.2 has two known vulnerabilities:

  • https://github.com/advisories/GHSA-h6gj-6jjq-h8g9
  • https://github.com/advisories/GHSA-j7qv-pgf6-hvh4

tmikus, Sep 05 '22 09:09