jQuery-contextMenu icon indicating copy to clipboard operation
jQuery-contextMenu copied to clipboard
verified publisher icon swisnl

Security - CVE-2021-41184: Upgrade embedded jQuery UI Position to 1.13+ (v2.x)

Open Jason-Morcos opened this issue 3 years ago • 0 comments

This plugin embeds jQuery UI Position v1.12 (https://github.com/swisnl/jQuery-contextMenu/blob/master/dist/jquery.ui.position.js). This version of jQuery UI is susceptible to Cross Site Scripting and is officially unsupported by jQuery UI.

Upgrading this embedded code to jQuery UI 1.13 closes these known security vulnerabilities.

CVE: https://www.cve.org/CVERecord?id=CVE-2021-41184 / https://security.snyk.io/vuln/SNYK-JS-JQUERYUI-1767175 jQuery UI: https://jqueryui.com

Jason-Morcos avatar Jul 12 '22 16:07 Jason-Morcos