Dependency Notes

Introduction

The following list of dependencies may be reported as vulnerable but either have been fixed in the ownCloud codebase or do not apply.

If you are aware of any issues that have not yet been patched or which are not included in this list, please notify us at security@owncloud.com.

Fixed Issues

  • jQuery

  • jQuery-ui

    • CVE-2021-41182, CVE-2021-41183 and CVE-2021-41184
      patched in 10.9.0

    • CVE-2022-31160
      Component "checkboxradio" is not used by ownCloud

  • Select2

    • CVE-2016-10744
      Component "select2" cannot be exploited

  • PDF

    • CVE-2024-4367
      When app files_pdfviewer is enabled with disabled scripting, CVE-2024-4367 can not be exploited

  • Bootstrap

    • CVE-2024-6485 and CVE-2024-6484
      There is no vulnerability because affected components are not used by ownCloud