CVE vulnerabilities on some JS libraries
FerGT50 opened this issue · comments
Hello,
while scanning our webmail site (running latest RainLoop), we found some vulnerabilities.
Updating relevant Javascript libraries should solve most of them: do you have this planned for an upcoming version?
Thanks for your outstanding work!
RainLoop version, browser, OS:
RainLoop v1.17.0, Linux Debian v11.8 x64, no browser involved
Expected behavior and actual behavior:
Expected: no CVE vulnerabilities
Steps to reproduce the problem:
Examining Javascript libraries used by Rainloop, we found the following CVE vulnerabilities:
jQuery UI 1.10.3 (latest is 1.13.2)
CVE-2021-41184
CVE-2021-41182
CVE-2021-41183
CVE-2016-7103
CVE-2022-31160
Knockout 3.4.2 (latest is 3.5.1)
CVE-2019-14863
Moment.js 2.29.1 (latest is 2.29.4)
CVE-2022-31129
CVE-2022-24785
Has rainloop been deserted? Do we all need to leave to snappymail now?