jQuery-UI dependency vulnerabilities in hoops-web-viewer

ramony · May 16, 2022, 5:45pm

I’ve downloaded the HOOPS Communicator 2022 SP1 package and noticed the hoops-web-viewer has a dependency on jQuery-UI 1.11.4. Is the viewer affected by these vulnerabilities?

CVE-2021-41182 MEDIUM (NVD) : jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altFiel…

CVE-2021-41183 MEDIUM (NVD) : jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Te…

CVE-2021-41184 MEDIUM (NVD) : jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of opt.

guido · May 17, 2022, 11:22am

Hi,

thanks for pointing out those potential vulnerabilities. We are using jquery-ui in a very limited way (we are not using the date picker at all for example) and not in any server-side interactions so I think the potential risk is very theoretical.

In any case, this has been brought to the attention of product management and I expect us to upgrade the jQuery-ui version we are using in one of the upcoming releases.

Thanks,
Guido

Topic		Replies	Views
Medium security severity vulnerability in JSZip - CVE-2021-23413 Feedback webviewer	4	1039	September 7, 2022
2024.4.0 HOOPS Communicator ESM Support HOOPS Communicator knowledge-base	1	99	June 26, 2024
HOOPS Release 2024.2.0 Releases	0	157	March 22, 2024
Can not load Web Viewer in my Next.js application HOOPS Communicator	10	213	April 16, 2024
How to modify the TypeScript source files provided by HOOPS Communicator HOOPS Communicator code , sample , webviewer , learn , knowledge-base	0	1211	March 14, 2022

jQuery-UI dependency vulnerabilities in hoops-web-viewer

Related topics