{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"python-XStatic-jquery-ui security update", "category":"general", "title":"Synopsis" }, { "text":"An update for python-XStatic-jquery-ui is now available for openEuler-20.03-LTS-SP3.", "category":"general", "title":"Summary" }, { "text":"jquery-ui javascript library packaged for setuptools (easy_install) / pip. This package is intended to be used by **any** project that needs these files. It intentionally does **not** provide any extra code except some metadata **nor** has any extra requirements. You MAY use some minimal support code from the XStatic base package, if you like. You can find more info about the xstatic packaging way in the package `XStatic`.\n\nSecurity Fix(es):\n\njQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.(CVE-2021-41183)", "category":"general", "title":"Description" }, { "text":"An update for python-XStatic-jquery-ui is now available for openEuler-20.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"python-XStatic-jquery-ui", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2022-1693", "category":"self", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1693" }, { "summary":"CVE-2021-41183", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2021-41183&packageName=python-XStatic-jquery-ui" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41183" }, { "summary":"openEuler-SA-2022-1693 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2022/csaf-openeuler-sa-2022-1693.json" } ], "title":"An update for python-XStatic-jquery-ui is now available for openEuler-20.03-LTS-SP3", "tracking":{ "initial_release_date":"2022-06-02T09:40:54+08:00", "revision_history":[ { "date":"2022-06-02T09:40:54+08:00", "summary":"Initial", "number":"1.0.0" }, { "date":"2024-10-31T09:40:54+08:00", "summary":"final", "number":"2.0.0" } ], "generator":{ "date":"2024-10-31T09:40:54+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-10-31T09:40:54+08:00", "id":"openEuler-SA-2022-1693", "version":"2.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP3" }, "product_id":"openEuler-20.03-LTS-SP3", "name":"openEuler-20.03-LTS-SP3" }, "name":"openEuler-20.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP3" }, "product_id":"python3-XStatic-jquery-ui-1.12.1.1-2.oe1.noarch.rpm(20.03-LTS-SP3)", "name":"python3-XStatic-jquery-ui-1.12.1.1-2.oe1.noarch.rpm" }, "name":"python3-XStatic-jquery-ui-1.12.1.1-2.oe1.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP3" }, "product_id":"python-XStatic-jquery-ui-help-1.12.1.1-2.oe1.noarch.rpm(20.03-LTS-SP3)", "name":"python-XStatic-jquery-ui-help-1.12.1.1-2.oe1.noarch.rpm" }, "name":"python-XStatic-jquery-ui-help-1.12.1.1-2.oe1.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP3" }, "product_id":"python-XStatic-jquery-ui-1.12.1.1-2.oe1.src.rpm(20.03-LTS-SP3)", "name":"python-XStatic-jquery-ui-1.12.1.1-2.oe1.src.rpm" }, "name":"python-XStatic-jquery-ui-1.12.1.1-2.oe1.src.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-20.03-LTS-SP3", "product_reference":"python3-XStatic-jquery-ui-1.12.1.1-2.oe1.noarch.rpm(20.03-LTS-SP3)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP3:python3-XStatic-jquery-ui-1.12.1.1-2.oe1.noarch", "name":"python3-XStatic-jquery-ui-1.12.1.1-2.oe1.noarch as a component of openEuler-20.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP3", "product_reference":"python-XStatic-jquery-ui-help-1.12.1.1-2.oe1.noarch.rpm(20.03-LTS-SP3)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP3:python-XStatic-jquery-ui-help-1.12.1.1-2.oe1.noarch", "name":"python-XStatic-jquery-ui-help-1.12.1.1-2.oe1.noarch as a component of openEuler-20.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP3", "product_reference":"python-XStatic-jquery-ui-1.12.1.1-2.oe1.src.rpm(20.03-LTS-SP3)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP3:python-XStatic-jquery-ui-1.12.1.1-2.oe1.src", "name":"python-XStatic-jquery-ui-1.12.1.1-2.oe1.src as a component of openEuler-20.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2021-41183", "notes":[ { "text":"jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP3:python3-XStatic-jquery-ui-1.12.1.1-2.oe1.noarch", "openEuler-20.03-LTS-SP3:python-XStatic-jquery-ui-help-1.12.1.1-2.oe1.noarch", "openEuler-20.03-LTS-SP3:python-XStatic-jquery-ui-1.12.1.1-2.oe1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP3:python3-XStatic-jquery-ui-1.12.1.1-2.oe1.noarch", "openEuler-20.03-LTS-SP3:python-XStatic-jquery-ui-help-1.12.1.1-2.oe1.noarch", "openEuler-20.03-LTS-SP3:python-XStatic-jquery-ui-1.12.1.1-2.oe1.src" ], "details":"python-XStatic-jquery-ui security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1693" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP3:python3-XStatic-jquery-ui-1.12.1.1-2.oe1.noarch", "openEuler-20.03-LTS-SP3:python-XStatic-jquery-ui-help-1.12.1.1-2.oe1.noarch", "openEuler-20.03-LTS-SP3:python-XStatic-jquery-ui-1.12.1.1-2.oe1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2021-41183" } ] }