OESA-2022-1693

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1693
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1693.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-1693
Upstream
Published
2022-06-02T11:03:51Z
Modified
2025-08-12T05:10:11.229190Z
Summary
python-XStatic-jquery-ui security update
Details

jquery-ui javascript library packaged for setuptools (easy_install) / pip. This package is intended to be used by any project that needs these files. It intentionally does not provide any extra code except some metadata nor has any extra requirements. You MAY use some minimal support code from the XStatic base package, if you like. You can find more info about the xstatic packaging way in the package XStatic.

Security Fix(es):

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.(CVE-2021-41183)

Database specific 
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP3 / python-XStatic-jquery-ui

Package

Name
python-XStatic-jquery-ui
Purl
pkg:rpm/openEuler/python-XStatic-jquery-ui&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.12.1.1-2.oe1

Ecosystem specific 

{
    "noarch": [
        "python3-XStatic-jquery-ui-1.12.1.1-2.oe1.noarch.rpm",
        "python-XStatic-jquery-ui-help-1.12.1.1-2.oe1.noarch.rpm"
    ],
    "src": [
        "python-XStatic-jquery-ui-1.12.1.1-2.oe1.src.rpm"
    ]
}