You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Mike R (Jira)" <ji...@apache.org> on 2022/04/21 16:20:00 UTC
[jira] [Updated] (NIFI-9945) Upgrade jQuery UI - v1.12.1 To 1.13.1
[ https://issues.apache.org/jira/browse/NIFI-9945?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mike R updated NIFI-9945:
-------------------------
Description:
NiFi uses a vulnerable version of JQuery UI, which has 3 CVEs against it.
CVE-2021-41182 - [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182]
CVE-2021-41183 - [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41183]
CVE-2021-41184 - [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41184]
The way to mitigate these CVEs would be to upgrade to JQuery UI version 1.13.1.
was:
NiFi uses a vulnerable version of JQuery UI, which has 3 CVEs against it.
CVE-2021-41182 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182
CVE-2021-41183 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41183
CVE-2021-41184 - [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41184]
Lets mitigate this by upgrading the version of JQuery UI used by NiFi to 1.13.1
> Upgrade jQuery UI - v1.12.1 To 1.13.1
> ---------------------------------------
>
> Key: NIFI-9945
> URL: https://issues.apache.org/jira/browse/NIFI-9945
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
> Affects Versions: 1.16.0, 1.15.1, 1.15.2, 1.15.3
> Environment: Windows, Unix
> Reporter: Mike R
> Priority: Major
>
> NiFi uses a vulnerable version of JQuery UI, which has 3 CVEs against it.
> CVE-2021-41182 - [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182]
> CVE-2021-41183 - [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41183]
> CVE-2021-41184 - [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41184]
>
> The way to mitigate these CVEs would be to upgrade to JQuery UI version 1.13.1.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)