View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 256
IDProjectCategoryView StatusDate SubmittedLast Update
19694Bug reportsSecuritypublic2024-08-08 14:242024-11-22 17:38
Reportertibor.pacalat Assigned Totibor.pacalat  
PrioritynoneSeverityminor 
Status resolvedResolutionfixed 
Product Version6.6.x 
Summary19694: Update jquery UI because of known vulnerabilities
Description

Used jQuery UI version 1.13.2 contains a known vulnerability:
https://www.cvedetails.com/cve/CVE-2022-31160/

More info in this ticket https://bugs.limesurvey.org/view.php?id=19607

Steps To Reproduce

Steps to reproduce

(Replace this text with detailed step-by-step instructions on how to reproduce the issue)

Expected result

(Write here what you expected to happen)

Actual result

(Write here what happened instead)

TagsNo tags attached.
Bug heat256
Complete LimeSurvey version number (& build)6.6.1+240806
I will donate to the project if issue is resolvedNo
Browser
Database type & version.
Server OS (if known)
Webserver software & version (if known)
PHP Version.

Users monitoring this issue

There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2024-09-13 12:05

developer   ~81012

We still use Jquery-UI ?
Mazi

Mazi

2024-11-19 16:08

updater   ~81442

@tibor.pacalat: This was just re-reported by another pen test. I think we should address this ASAP.
Mazi

Mazi

2024-11-22 14:55

updater   ~81500

@tibor.pacalat: I am missing a commit for this resolved issue. Or was it closed because it should be addressed at https://bugs.limesurvey.org/view.php?id=19701?
tibor.pacalat

tibor.pacalat

2024-11-22 17:38

administrator   ~81501

https://github.com/LimeSurvey/LimeSurvey/pull/4043

Issue History

Date Modified Username Field Change
2024-08-08 14:24 tibor.pacalat New Issue
2024-09-13 12:05 DenisChenu Note Added: 81012
2024-09-13 12:05 DenisChenu Bug heat 250 => 252
2024-11-19 16:08 Mazi Note Added: 81442
2024-11-19 16:08 Mazi Bug heat 252 => 254
2024-11-19 17:41 c_schmitz Assigned To => c_schmitz
2024-11-19 17:41 c_schmitz Status new => assigned
2024-11-19 17:43 c_schmitz Assigned To c_schmitz => tibor.pacalat
2024-11-19 17:43 c_schmitz Status assigned => ready for testing
2024-11-21 17:52 tibor.pacalat Status ready for testing => resolved
2024-11-21 17:52 tibor.pacalat Resolution open => fixed
2024-11-22 14:55 Mazi Note Added: 81500
2024-11-22 17:38 tibor.pacalat Note Added: 81501
2024-11-22 17:38 tibor.pacalat Bug heat 254 => 256