A recent security scan of our environment uncovered jQuery UI version 1.14.0, which is apparently vulnerable, as documented in CVE-2024-30875. I’ve reviewed various resources, including the official jQuery GitHub repositories and security pages, but I haven’t been able to find any recent discussions on this specific issue. It seems that the vulnerability persists, and I’m not sure whether it’s actively being addressed by the jQuery UI team.
I’m curious if anyone else has encountered this and if there’s any advice on how to handle the vulnerability in the short term. Has anyone found updates or workarounds, or is this something that will require a manual patch?
FWIW, I’ve raised this issue internally and submitted a request for more information via the official channels, but I’m looking for any community feedback as well.
EDIT: This was found in a recent installation, and the security vulnerability alert remains unresolved even in the latest version.
I tried updating the jQuery UI package to the latest version (1.14.0) in hopes of resolving the CVE-2024-30875 vulnerability, but after the update, the vulnerability is still being flagged in security scans. I expected the issue to be resolved with the newer version, but it appears that the security risk persists.
Is anyone else facing this, or does anyone have advice on how to handle this situatio
You need to sign in to view this answers
Leave feedback about this