This repository has been archived by the owner on Nov 4, 2024. It is now read-only.
CVE vulnerabilities on some JS libraries #2237
Comments
|
Has rainloop been deserted? Do we all need to leave to snappymail now? |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hello,
while scanning our webmail site (running latest RainLoop), we found some vulnerabilities.
Updating relevant Javascript libraries should solve most of them: do you have this planned for an upcoming version?
Thanks for your outstanding work!
RainLoop version, browser, OS:
RainLoop v1.17.0, Linux Debian v11.8 x64, no browser involved
Expected behavior and actual behavior:
Expected: no CVE vulnerabilities
Steps to reproduce the problem:
Examining Javascript libraries used by Rainloop, we found the following CVE vulnerabilities:
jQuery UI 1.10.3 (latest is 1.13.2)
CVE-2021-41184
CVE-2021-41182
CVE-2021-41183
CVE-2016-7103
CVE-2022-31160
Knockout 3.4.2 (latest is 3.5.1)
CVE-2019-14863
Moment.js 2.29.1 (latest is 2.29.4)
CVE-2022-31129
CVE-2022-24785
Logs or screenshots:
The text was updated successfully, but these errors were encountered: