Vulnerable JQuery

It seems that my server installation has two JQuery libraries that have known vulnerabilities.
I am running the latest OwnCloud (10.2.1).
I just want to find out two things:

  1. Is this correct, or did I do something wrong during upgrade or whatever?
  2. If it is correct is there a timeline that these will be updated?

The vulnerable JQuery libraries are:
jquery-ui-dialog found in: https://{DOMAIN}.com/owncloud/core/vendor/jquery-ui/ui/jquery-ui.custom.js?v=1ae480d407a541fe0346f42c2eb667f3


jquery found in: https://{DOMAIN}.com/owncloud/core/vendor/jquery/dist/jquery.min.js?v=1ae480d407a541fe0346f42c2eb667f3

Thanks in advance to any of the answerers :smiley:

1 Like


i think this question is probably better redirected to the ownCloud team at It looks to me that this issue below could be related which has originated from the discussion in

According to @cs35 in that issue it seems doesn’t show up a vulnerability while his own installation seems to report a vulnerability. So i think it could be indeed possible that a 3rdparty app is using a vulnerable older jQuery version.


Hello everyone,

as I stated in the Github issue it seems to be from there. We can only wait for it to be ugpraded. Now that 10.3.0 is out I hope it comes in a 10.3.1 :slight_smile:


Thanks for your replies!
I’ll go through the apps and just wait for updates :wink: