{"id":"USN-5181-1","summary":"jqueryui vulnerability","details":"It was discovered that jQuery UI did not properly validate the values from\nuntrusted sources. An attacker could use this vulnerability to cause a crash or\npossibly execute arbitrary code. This issue affected only Ubuntu 18.04 ESM and\nUbuntu 20.04 ESM. (CVE-2021-41184)\n\nIt was discovered that jQuery UI checkboxradio widget did not properly decode\ncertain values from HTML entities. An attacker could possibly use this issue to\ngenerate a cross-site scripting (XSS) attack, resulting in a crash or possibly\narbitrary code execution. (CVE-2022-31160)\n","modified":"2026-02-10T04:42:24Z","published":"2022-09-09T09:31:52Z","related":["UBUNTU-CVE-2021-41184","UBUNTU-CVE-2022-31160"],"upstream":["CVE-2021-41184","CVE-2022-31160","UBUNTU-CVE-2021-41184","UBUNTU-CVE-2022-31160"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5181-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-41184"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-31160"}],"affected":[{"package":{"name":"jqueryui","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/jqueryui@1.12.1+dfsg-5ubuntu0.18.04.1~esm2?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.1+dfsg-5ubuntu0.18.04.1~esm2"}]}],"versions":["1.12.1+dfsg-5"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: 
https://ubuntu.com/pro","binaries":[{"binary_name":"libjs-jquery-ui","binary_version":"1.12.1+dfsg-5ubuntu0.18.04.1~esm2"},{"binary_name":"libjs-jquery-ui-docs","binary_version":"1.12.1+dfsg-5ubuntu0.18.04.1~esm2"},{"binary_name":"node-jquery-ui","binary_version":"1.12.1+dfsg-5ubuntu0.18.04.1~esm2"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"id":"CVE-2021-41184","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-31160","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5181-1.json"}},{"package":{"name":"jqueryui","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/jqueryui@1.12.1+dfsg-5ubuntu0.20.04.1~esm3?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.1+dfsg-5ubuntu0.20.04.1~esm3"}]}],"versions":["1.12.1+dfsg-5","1.12.1+dfsg-5ubuntu0.1~esm2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: 
https://ubuntu.com/pro","binaries":[{"binary_name":"libjs-jquery-ui","binary_version":"1.12.1+dfsg-5ubuntu0.20.04.1~esm3"},{"binary_name":"libjs-jquery-ui-docs","binary_version":"1.12.1+dfsg-5ubuntu0.20.04.1~esm3"},{"binary_name":"node-jquery-ui","binary_version":"1.12.1+dfsg-5ubuntu0.20.04.1~esm3"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"id":"CVE-2021-41184","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-31160","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5181-1.json"}},{"package":{"name":"jqueryui","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/jqueryui@1.13.1+dfsg-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.13.1+dfsg-1ubuntu0.1~esm1"}]}],"versions":["1.12.1+dfsg-8","1.13.0+dfsg-1","1.13.1+dfsg-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: 
https://ubuntu.com/pro","binaries":[{"binary_name":"libjs-jquery-ui","binary_version":"1.13.1+dfsg-1ubuntu0.1~esm1"},{"binary_name":"libjs-jquery-ui-docs","binary_version":"1.13.1+dfsg-1ubuntu0.1~esm1"},{"binary_name":"node-jquery-ui","binary_version":"1.13.1+dfsg-1ubuntu0.1~esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:22.04:LTS","cves":[{"id":"CVE-2022-31160","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5181-1.json"}}],"schema_version":"1.7.3"}