REDHAT-BUG-2019153: Medium severity jquery ui vulnerability
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` utility from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0: any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
Reference: https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
Upstream patch: https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
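The workaround above (never hand an untrusted value to `of`) can be enforced in application code. The following JavaScript is an added example, not code from jQuery UI or from the advisory: it accepts only DOM objects or plain id selectors for `of`, optionally restricted to an allowlist of element ids, before building the options passed to `.position()`. The function names `resolvePositionTarget`, `buildPositionOptions` and `isSafePositionTarget` and the `allowedIds` set are assumptions of this example.

```javascript
// Added example (not jQuery UI code): validate the `of` option before it reaches
// jQuery UI's .position() on a version older than 1.13.0, where a string `of`
// value was not restricted to being a CSS selector.

// A deliberately narrow allowlist: only plain id selectors such as "#anchor".
const ID_SELECTOR = /^#[A-Za-z_][A-Za-z0-9_-]*$/;

// Returns a value that is safe to hand to .position() as `of`, or throws.
// `allowedIds` (optional, assumed by this example) is a Set of element ids the
// caller is prepared to position against.
function resolvePositionTarget(value, allowedIds) {
  // DOM elements, jQuery objects, window and document are objects: jQuery UI
  // uses them directly and never parses them, so they pass through unchanged.
  if (value !== null && typeof value === 'object') {
    return value;
  }
  if (typeof value !== 'string') {
    throw new TypeError('`of` must be an element or an id selector string');
  }
  const selector = value.trim();
  if (!ID_SELECTOR.test(selector)) {
    // Anything else (markup, tag or attribute selectors, ...) is rejected outright.
    throw new Error(`rejected \`of\` value: ${JSON.stringify(selector)}`);
  }
  if (allowedIds && !allowedIds.has(selector.slice(1))) {
    throw new Error(`\`of\` target ${selector} is not in the allowlist`);
  }
  return selector;
}

// Builds the options object for .position() with a validated `of`; every other
// option is copied through unchanged.
// Usage on a page: $(el).position(buildPositionOptions(untrustedOptions, ids));
function buildPositionOptions(options, allowedIds) {
  return { ...options, of: resolvePositionTarget(options.of, allowedIds) };
}

// Boolean form for callers that want to log and fall back instead of throwing.
function isSafePositionTarget(value, allowedIds) {
  try {
    resolvePositionTarget(value, allowedIds);
    return true;
  } catch (e) {
    return false;
  }
}
```

Resolving the id to an element yourself (`document.getElementById`) and passing the element is equally valid and avoids string handling in jQuery UI altogether; the allowlist is what keeps a request parameter from steering the popup to an arbitrary element even on a patched version.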
Frequently Asked Questions
What is the severity of REDHAT-BUG-2019153?
The severity of REDHAT-BUG-2019153 is high due to the potential execution of untrusted code.
How do I fix REDHAT-BUG-2019153?
To fix REDHAT-BUG-2019153, update jQuery UI to version 1.13.0 or later.
What issues does REDHAT-BUG-2019153 address?
REDHAT-BUG-2019153 addresses a vulnerability in the `of` option of the `.position()` utility that could allow code execution.
Which versions of jQuery UI are affected by REDHAT-BUG-2019153?
All versions of jQuery UI prior to 1.13.0 are affected by REDHAT-BUG-2019153.
What is the impact of REDHAT-BUG-2019153 on web applications?
The impact of REDHAT-BUG-2019153 on web applications includes the risk of executing malicious scripts from untrusted sources.