UBUNTU-CVE-2021-41184
Advisory lineage Upstream: 1 Downstream: 2
Upstream
Downstream
Published: 26 Oct 2021, 15:15
Last modified:04 Feb 2026, 02:24
Vulnerability Summary
Overall Risk (default)
medium
26/100 CVSS Score
6.5 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
26 Oct 2021, 15:15
Published
Vulnerability first disclosed
04 Feb 2026, 02:24
Last Modified
Vulnerability information updated
Description
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Systems
- ubuntu•jqueryui
< 1.12.1+dfsg-5ubuntu0.18.04.1~esm2 | < 1.12.1+dfsg-5ubuntu0.20.04.1 | < 1.12.1+dfsg-5ubuntu0.20.04.1~esm3
References (7)
- https://ubuntu.com/security/CVE-2021-41184
- https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
- https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
- https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/
- https://ubuntu.com/security/notices/USN-5181-1
- https://ubuntu.com/security/notices/USN-6419-1
- https://www.cve.org/CVERecord?id=CVE-2021-41184