Hello,
while scanning our webmail site (running latest RainLoop), we found some vulnerabilities.
Updating relevant Javascript libraries should solve most of them: do you have this planned for an upcoming version?
Thanks for your outstanding work!
RainLoop version, browser, OS:
RainLoop v1.17.0, Linux Debian v11.8 x64, no browser involved
Expected behavior and actual behavior:
Expected: no CVE vulnerabilities
Steps to reproduce the problem:
Examining Javascript libraries used by Rainloop, we found the following CVE vulnerabilities:
Hello, while scanning our webmail site (running latest RainLoop), we found some vulnerabilities. Updating relevant Javascript libraries should solve most of them: do you have this planned for an upcoming version? Thanks for your outstanding work!
RainLoop version, browser, OS: RainLoop v1.17.0, Linux Debian v11.8 x64, no browser involved
Expected behavior and actual behavior: Expected: no CVE vulnerabilities
Steps to reproduce the problem: Examining Javascript libraries used by Rainloop, we found the following CVE vulnerabilities:
jQuery UI 1.10.3 (latest is 1.13.2) CVE-2021-41184 CVE-2021-41182 CVE-2021-41183 CVE-2016-7103 CVE-2022-31160
Knockout 3.4.2 (latest is 3.5.1) CVE-2019-14863
Moment.js 2.29.1 (latest is 2.29.4) CVE-2022-31129 CVE-2022-24785
Logs or screenshots:![RainLoop_webmail_vulnerabilities-1](https://github.com/RainLoop/rainloop-webmail/assets/68430253/22c3f9d9-17ac-46e3-91db-88ac842018cd)