Is Clarity Vulnerable to CVE-2021-41184, CVE-2021-41183, CVE-2021-41182, CVE-2022-31160
search cancel

Is Clarity Vulnerable to CVE-2021-41184, CVE-2021-41183, CVE-2021-41182, CVE-2022-31160

book

Article ID: 280993

calendar_today

Updated On: 03-21-2024

Products

Clarity PPM On Premise Clarity PPM SaaS

Issue/Introduction

In recent security scan of clarity, its found Clarity uses JQuery-UI 1.10.4.clarity.1 and its vulnerable to CVE-2021-41184, CVE-2021-41183, CVE-2021-41182, CVE-2022-31160 

 

Environment

Clarity 16.1.3 onwards 

Resolution

 JQuery we have already ugpraded our Jquery in the higher version and even in the current version you are in we have patched the Jquery version to fix below vulnerabilities since Oct 2022 

  • CVE-2022-31160 - Related to checkbox radio widget which we do not bundle as part of jquery-ui.js. Hence not applicable
  • CVE-2021-41182 - Related to date picker widget. Removed date picker widget code from jquery-ui.js making this not applicable.
  • CVE-2021-41183 - Related to date picker widget.  Removed date picker widget code from jquery-ui.js making this not applicable.
  • CVE-2021-41184 - Related to position function of jquery-ui. Ported the vulnerability fix 
  • CVE-2016-7103 - Related to dialog widget of jquery-ui. Ported the vulnerability fix 
Powered by Wolken Software