RainLoop / rainloop-webmail

Simple, modern & fast web-based email client

Home Page: http://rainloop.net


CVE vulnerabilities on some JS libraries

FerGT50 opened this issue · comments

Hello,
while scanning our webmail site (running latest RainLoop), we found some vulnerabilities.
Updating the relevant JavaScript libraries should solve most of them: do you have this planned for an upcoming version?
Thanks for your outstanding work!

RainLoop version, browser, OS:
RainLoop v1.17.0, Linux Debian v11.8 x64, no browser involved

Expected behavior and actual behavior:
Expected: no CVE vulnerabilities

Steps to reproduce the problem:
Examining the JavaScript libraries used by RainLoop, we found the following CVE vulnerabilities:

jQuery UI 1.10.3 (latest is 1.13.2)
CVE-2021-41184
CVE-2021-41182
CVE-2021-41183
CVE-2016-7103
CVE-2022-31160

Knockout 3.4.2 (latest is 3.5.1)
CVE-2019-14863

Moment.js 2.29.1 (latest is 2.29.4)
CVE-2022-31129
CVE-2022-24785

Logs or screenshots:
RainLoop_webmail_vulnerabilities-1

Has RainLoop been deserted? Do we all need to leave for SnappyMail now?