Lucene search

[email protected]NVD:CVE-2021-41182

HistoryOct 26, 2021 - 3:15 p.m.

CVE-2021-41182

2021-10-2615:15:10

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.004 Low

EPSS

Percentile

73.0%

JSON

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. A workaround is to not accept the value of the altField option from untrusted sources.

Affected configurations

NVD

Node

jqueryuijquery_uiRange<1.13.0jquery

Node

fedoraprojectfedoraMatch33

fedoraprojectfedoraMatch34

fedoraprojectfedoraMatch35

fedoraprojectfedoraMatch36

Node

netapph500sMatch-

AND

netapph500s_firmwareMatch-

Node

netapph700sMatch-

AND

netapph700s_firmwareMatch-

Node

netapph300eMatch-

AND

netapph300e_firmwareMatch-

Node

netapph500eMatch-

AND

netapph500e_firmwareMatch-

Node

netapph700eMatch-

AND

netapph700e_firmwareMatch-

Node

netapph410sMatch-

AND

netapph410s_firmwareMatch-

Node

netapph410cMatch-

AND

netapph410c_firmwareMatch-

Node

netapph300s_firmwareMatch-

AND

netapph300sMatch-

Node

debiandebian_linuxMatch9.0

Node

drupaldrupalRange7.0–7.86

Node

oraclecommunications_interactive_session_recorderMatch6.4

oraclecommunications_operations_monitorMatch4.3

oraclecommunications_operations_monitorMatch4.4

oraclecommunications_operations_monitorMatch5.0

oraclehospitality_suite8Range8.11.0–8.14.0

oraclehospitality_suite8Match8.10.2

oraclemysql_enterprise_monitorRange≤8.0.29

oracleprimavera_unifierMatch17.7

oracleprimavera_unifierMatch17.8

oracleprimavera_unifierMatch17.9

oracleprimavera_unifierMatch17.10

oracleprimavera_unifierMatch17.11

oracleprimavera_unifierMatch17.12

oracleprimavera_unifierMatch18.8

oracleprimavera_unifierMatch19.12

oracleprimavera_unifierMatch20.12

oracleprimavera_unifierMatch21.12

oracleweblogic_serverMatch12.2.1.3.0

oracleweblogic_serverMatch12.2.1.4.0

oracleweblogic_serverMatch14.1.1.0.0

Node

tenabletenable.scRange<5.21.0

Node

oracleagile_plmMatch9.3.6

oracleapplication_expressRange<22.1.1

oraclebanking_platformMatch2.9.0

oraclebanking_platformMatch2.12.0

oraclebig_data_spatial_and_graphRange<23.1

oraclebig_data_spatial_and_graphMatch23.1

oraclecommunications_interactive_session_recorderMatch6.4

oraclecommunications_operations_monitorMatch4.3

oraclecommunications_operations_monitorMatch4.4

oraclecommunications_operations_monitorMatch5.0

oraclehospitality_inventory_managementMatch9.1.0

oraclehospitality_materials_controlMatch18.1

oraclehospitality_suite8Range8.11.0–8.14.0

oraclehospitality_suite8Match8.10.2

oraclejd_edwards_enterpriseone_toolsRange≤9.2.6.3

oraclepeoplesoft_enterprise_peopletoolsMatch8.58

oraclepeoplesoft_enterprise_peopletoolsMatch8.59

oraclepolicy_automationRange12.2.0–12.2.25

oracleprimavera_unifierRange17.7–17.12

oracleprimavera_unifierMatch18.8

oracleprimavera_unifierMatch19.12

oracleprimavera_unifierMatch20.12

oracleprimavera_unifierMatch21.12

oraclerest_data_servicesRange<22.1.1-

oraclerest_data_servicesMatch22.1.1-

oracleweblogic_serverMatch12.2.1.3.0

oracleweblogic_serverMatch12.2.1.4.0

oracleweblogic_serverMatch14.1.1.0.0

References

blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/

github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63

github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc

lists.debian.org/debian-lts-announce/2022/01/msg00014.html

lists.debian.org/debian-lts-announce/2023/08/msg00040.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/

security.netapp.com/advisory/ntap-20211118-0004/

www.drupal.org/sa-contrib-2022-004

www.drupal.org/sa-core-2022-002

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujul2022.html

www.tenable.com/security/tns-2022-09

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.004 Low

EPSS

Percentile

73.0%

JSON

Related for NVD:CVE-2021-41182

ubuntucve1 veracode1 osv7 prion1 cve1 cvelist1 alpinelinux1 debiancve1 github1 redhatcve1 checkpoint_advisories1 drupal2 ibm24 openvas15 fedora6 nessus14 f51 debian3 ubuntu1 redhat1 adobe1 oracle8