19694: Update jquery UI because of known vulnerabilities - LimeSurvey bugs and feature requests

This bug affects 1 person(s).

254

ID	Project	Category	View Status	Date Submitted	Last Update

19694	Bug reports	Security	public	2024-08-08 14:24	2024-11-19 17:43

Reporter	tibor.pacalat	Assigned To	tibor.pacalat
Priority	none	Severity	minor
Status	ready for testing	Resolution	open
Product Version	6.6.x

Summary	19694: Update jquery UI because of known vulnerabilities
Description	Used jQuery UI version 1.13.2 contains a known vulnerability: • https://www.cvedetails.com/cve/CVE-2022-31160/ More info in this ticket https://bugs.limesurvey.org/view.php?id=19607
Steps To Reproduce	Steps to reproduce (Replace this text with detailed step-by-step instructions on how to reproduce the issue) Expected result (Write here what you expected to happen) Actual result (Write here what happened instead)
Tags	No tags attached.

Bug heat	254
Complete LimeSurvey version number (& build)	6.6.1+240806
I will donate to the project if issue is resolved	No
Browser
Database type & version	.
Server OS (if known)
Webserver software & version (if known)
PHP Version	.

User List	There are no users monitoring this issue.

Date Modified	Username	Field	Change
2024-08-08 14:24	tibor.pacalat	New Issue
2024-09-13 12:05	DenisChenu	Note Added: 81012
2024-09-13 12:05	DenisChenu	Bug heat	250 => 252
2024-11-19 16:08	Mazi	Note Added: 81442
2024-11-19 16:08	Mazi	Bug heat	252 => 254
2024-11-19 17:41	c_schmitz	Assigned To	=> c_schmitz
2024-11-19 17:41	c_schmitz	Status	new => assigned
2024-11-19 17:43	c_schmitz	Assigned To	c_schmitz => tibor.pacalat
2024-11-19 17:43	c_schmitz	Status	assigned => ready for testing

DenisChenu 2024-09-13 12:05 developer ~81012	We still use Jquery-UI ?

Mazi 2024-11-19 16:08 updater ~81442	@tibor.pacalat: This was just re-reported by another pen test. I think we should address this ASAP.