The vulnerability is potentially vulnerable to cross-site scripting. This issue is going to be fixed in the scope of October 2023 release security patches 2.4.6-p3, 2.4.5-p5, or 2.4.4-p6. So, your security scanners might still observe the jQuery-UI CVE issue.Īdobe has provided two patches, one for 2.4.6 versions and 2.4.5 versions, and another one for 2.4.4 versions, which provide a complete upgrade of jQuery-UI library to version 1.13.2. But, there's a catch! The main jQuery-UI file was upgraded, but there were jQuery-UI supplemental module and widget files that were not upgraded. jQuery fixed this in jQuery-UI library version 1.13.2.Īdobe released security-only patches in June 2023 when the jQuery-UI library dependency were upgraded. This vulnerability, CVE-2022-31160, was reported for jQuery-UI library version 1.13.1. Did you know there's a security vulnerability in the jQuery-UI library used in Adobe Commerce 2.4.4, 2.4.5, and 2.4.6? □
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |