Update `ATC-pie` to Version 1.9.2 #10

JLP04 · 2025-12-06T20:35:26Z

This updates ATC-pie to version 1.9.2

github-actions · 2025-12-07T00:45:57Z


Your image	`ghcr.io/jlp04/elevation-generator:test`
Current base image	`debian:latest`

github-actions · 2025-12-07T00:46:00Z

🔍 Vulnerabilities of `ghcr.io/jlp04/elevation-generator:test`

📦 Image Reference ghcr.io/jlp04/elevation-generator:test

digest	`sha256:82f4790532062e430f8be5e85869bd777a71907dcf926818efa447352b76d94a`
vulnerabilities
platform	linux/386
size	9.4 GB
packages	956

📦 Base Image debian:13

also known as	`13.2` `latest` `trixie` `trixie-20251117`
digest	`sha256:26fa82a17fdca5c75ee3d2d1c792b3fb0b014d373ed2ebfad283ce6e419876cf`
vulnerabilities

stdlib 1.25.4 (golang)

pkg:golang/stdlib@1.25.4

# Dockerfile (241:241)
RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash

Affected range	`>=1.25.0 <1.25.5`
Fixed version	`1.25.5`
EPSS Score	`0.012%`
EPSS Percentile	`1st percentile`

Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Affected range	`>=1.25.0 <1.25.5`
Fixed version	`1.25.5`
EPSS Score	`0.016%`
EPSS Percentile	`3rd percentile`

Description

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

jquery-ui 1.11.2 (npm)

pkg:npm/jquery-ui@1.11.2

# Dockerfile (227:227)
COPY --from=build /tmp/install /flightgear/script/dnc-managed/install

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`22.087%`
EPSS Percentile	`96th percentile`

Description

Impact

Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code:
$( "#element" ).position( {
	my: "left top",
	at: "right bottom",
	of: "<img onerror='doEvilThing()' src='/404' />",
	collision: "none"
} );
will call the doEvilThing() function.

Patches

The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector.

Workarounds

A workaround is to not accept the value of the of option from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`2.867%`
EPSS Percentile	`86th percentile`

Description

Impact

Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:
$( "#datepicker" ).datepicker( {
	showButtonPanel: true,
	showOn: "both",
	closeText: "<script>doEvilThing( 'closeText XSS' )</script>",
	currentText: "<script>doEvilThing( 'currentText XSS' )</script>",
	prevText: "<script>doEvilThing( 'prevText XSS' )</script>",
	nextText: "<script>doEvilThing( 'nextText XSS' )</script>",
	buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>",
	appendText: "<script>doEvilThing( 'appendText XSS' )</script>",
} );
will call doEvilThing with 6 different parameters coming from all *Text options.

Patches

The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML.

Workarounds

A workaround is to not accept the value of the *Text options from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`19.260%`
EPSS Percentile	`95th percentile`

Description

Impact

Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:
$( "#datepicker" ).datepicker( {
	altField: "<img onerror='doEvilThing()' src='/404' />",
} );
will call the doEvilThing function.

Patches

The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector.

Workarounds

A workaround is to not accept the value of the altField option from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.2`
Fixed version	`1.13.2`
CVSS Score	`6.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
EPSS Score	`15.257%`
EPSS Percentile	`94th percentile`

Description

Impact

Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code.

For example, starting with the following initial secure HTML:
<label>
	<input id="test-input">
	&lt;img src=x onerror="alert(1)"&gt;
</label>
and calling:
$( "#test-input" ).checkboxradio();
$( "#test-input" ).checkboxradio( "refresh" );
will turn the initial HTML into:
<label>
	
	<input id="test-input">
	<img src=x onerror="alert(1)">
</label>
and the alert will get executed.

Patches

The bug has been patched in jQuery UI 1.13.2.

Workarounds

To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span:
<label>
	<input id="test-input">
	<span>&lt;img src=x onerror="alert(1)"&gt;</span>
</label>
References

https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.12.0`
Fixed version	`1.12.0`
CVSS Score	`6.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
EPSS Score	`1.383%`
EPSS Percentile	`80th percentile`

Description

Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function.

jQuery-UI is a library for manipulating UI elements via jQuery.

Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

Recommendation

Upgrade to jQuery-UI 1.12.0 or later.

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Affected range	`<=1.11.4`
Fixed version	`1.12.0`

Description

jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

github-actions · 2025-12-07T00:46:03Z

Recommended fixes for image (linux/386) `ghcr.io/jlp04/elevation-generator:test`

Base image is debian:latest

Name	13.2
Digest	sha256:26fa82a17fdca5c75ee3d2d1c792b3fb0b014d373ed2ebfad283ce6e419876cf
Vulnerabilities
Pushed	2 weeks ago
Size	51 MB
Packages	111
OS	13.2

The base image is also available under the supported tag(s): 13, 13.2, trixie, trixie-20251117

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-12-07T00:46:23Z

Overview

Image reference	`jlp04/elevation-generator:latest`	`ghcr.io/jlp04/elevation-generator:test`
- digest	`7479b380dc7e`	`82f479053206`
- tag	`latest`	`test`
- provenance	https://github.com/JLP04/docker-elevation-generator.git#0872363ea6de2df3c7584be7bf3de4f6f52d35e2/commit/0872363ea6de2df3c7584be7bf3de4f6f52d35e2	https://github.com/JLP04/docker-elevation-generator.git#refs/pull/10/merge/commit/4a2cc7daafb000b33b63d0cdd546cf4d8af2098d
- vulnerabilities
- platform	linux/386	linux/386
- size	9.4 GB	9.4 GB (+48 kB)
- packages	956	956
Base Image	`debian:latest` also known as: • `13` • `13.2` • `trixie` • `trixie-20251117`	`debian:latest` also known as: • `13` • `13.2` • `trixie` • `trixie-20251117`
- vulnerabilities

Packages and Vulnerabilities (1 package changes and 0 vulnerability changes)

♾️ 1 packages changed

601 packages unchanged

Changes for packages of type deb (1 changes)

	Package	Version `jlp04/elevation-generator:latest`	Version `ghcr.io/jlp04/elevation-generator:test`
♾️	libunbound8	`1.22.0-2`	`1.22.0-2+deb13u1`

github-actions · 2025-12-07T00:46:40Z


Your image	`ghcr.io/jlp04/elevation-generator:test`
Current base image	`debian:latest`

github-actions · 2025-12-07T00:46:43Z

🔍 Vulnerabilities of `ghcr.io/jlp04/elevation-generator:test`

📦 Image Reference ghcr.io/jlp04/elevation-generator:test

digest	`sha256:6d931efd12071a02d20b5655613724d3c5f0ce4c055504d2904e2b8ccf8e6514`
vulnerabilities
platform	linux/amd64
size	9.4 GB
packages	960

📦 Base Image debian:13

also known as	`13.2` `latest` `trixie` `trixie-20251117`
digest	`sha256:02711e365bccbd2045230e2c41b9c534d28df1c05ec3712c0b9a1a953a885f43`
vulnerabilities

stdlib 1.25.4 (golang)

pkg:golang/stdlib@1.25.4

# Dockerfile (241:241)
RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash

Affected range	`>=1.25.0 <1.25.5`
Fixed version	`1.25.5`
EPSS Score	`0.012%`
EPSS Percentile	`1st percentile`

Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Affected range	`>=1.25.0 <1.25.5`
Fixed version	`1.25.5`
EPSS Score	`0.016%`
EPSS Percentile	`3rd percentile`

Description

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

jquery-ui 1.11.2 (npm)

pkg:npm/jquery-ui@1.11.2

# Dockerfile (227:227)
COPY --from=build /tmp/install /flightgear/script/dnc-managed/install

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`22.087%`
EPSS Percentile	`96th percentile`

Description

Impact

Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code:
$( "#element" ).position( {
	my: "left top",
	at: "right bottom",
	of: "<img onerror='doEvilThing()' src='/404' />",
	collision: "none"
} );
will call the doEvilThing() function.

Patches

The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector.

Workarounds

A workaround is to not accept the value of the of option from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`2.867%`
EPSS Percentile	`86th percentile`

Description

Impact

Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:
$( "#datepicker" ).datepicker( {
	showButtonPanel: true,
	showOn: "both",
	closeText: "<script>doEvilThing( 'closeText XSS' )</script>",
	currentText: "<script>doEvilThing( 'currentText XSS' )</script>",
	prevText: "<script>doEvilThing( 'prevText XSS' )</script>",
	nextText: "<script>doEvilThing( 'nextText XSS' )</script>",
	buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>",
	appendText: "<script>doEvilThing( 'appendText XSS' )</script>",
} );
will call doEvilThing with 6 different parameters coming from all *Text options.

Patches

The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML.

Workarounds

A workaround is to not accept the value of the *Text options from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`19.260%`
EPSS Percentile	`95th percentile`

Description

Impact

Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:
$( "#datepicker" ).datepicker( {
	altField: "<img onerror='doEvilThing()' src='/404' />",
} );
will call the doEvilThing function.

Patches

The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector.

Workarounds

A workaround is to not accept the value of the altField option from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.2`
Fixed version	`1.13.2`
CVSS Score	`6.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
EPSS Score	`15.257%`
EPSS Percentile	`94th percentile`

Description

Impact

Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code.

For example, starting with the following initial secure HTML:
<label>
	<input id="test-input">
	&lt;img src=x onerror="alert(1)"&gt;
</label>
and calling:
$( "#test-input" ).checkboxradio();
$( "#test-input" ).checkboxradio( "refresh" );
will turn the initial HTML into:
<label>
	
	<input id="test-input">
	<img src=x onerror="alert(1)">
</label>
and the alert will get executed.

Patches

The bug has been patched in jQuery UI 1.13.2.

Workarounds

To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span:
<label>
	<input id="test-input">
	<span>&lt;img src=x onerror="alert(1)"&gt;</span>
</label>
References

https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.12.0`
Fixed version	`1.12.0`
CVSS Score	`6.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
EPSS Score	`1.383%`
EPSS Percentile	`80th percentile`

Description

Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function.

jQuery-UI is a library for manipulating UI elements via jQuery.

Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

Recommendation

Upgrade to jQuery-UI 1.12.0 or later.

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Affected range	`<=1.11.4`
Fixed version	`1.12.0`

Description

jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

github-actions · 2025-12-07T00:46:46Z

Recommended fixes for image (linux/amd64) `ghcr.io/jlp04/elevation-generator:test`

Base image is debian:latest

Name	13.2
Digest	sha256:02711e365bccbd2045230e2c41b9c534d28df1c05ec3712c0b9a1a953a885f43
Vulnerabilities
Pushed	2 weeks ago
Size	49 MB
Packages	111
OS	13.2

The base image is also available under the supported tag(s): 13, 13.2, trixie, trixie-20251117

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-12-07T00:47:06Z

Overview

Image reference	`jlp04/elevation-generator:latest`	`ghcr.io/jlp04/elevation-generator:test`
- digest	`d33c4cc2471a`	`6d931efd1207`
- tag	`latest`	`test`
- provenance	https://github.com/JLP04/docker-elevation-generator.git#0872363ea6de2df3c7584be7bf3de4f6f52d35e2/commit/0872363ea6de2df3c7584be7bf3de4f6f52d35e2	https://github.com/JLP04/docker-elevation-generator.git#refs/pull/10/merge/commit/4a2cc7daafb000b33b63d0cdd546cf4d8af2098d
- vulnerabilities
- platform	linux/amd64	linux/amd64
- size	9.4 GB	9.4 GB (+42 kB)
- packages	960	960
Base Image	`debian:latest` also known as: • `13` • `13.2` • `trixie` • `trixie-20251117`	`debian:latest` also known as: • `13` • `13.2` • `trixie` • `trixie-20251117`
- vulnerabilities

Packages and Vulnerabilities (1 package changes and 0 vulnerability changes)

♾️ 1 packages changed

605 packages unchanged

Changes for packages of type deb (1 changes)

	Package	Version `jlp04/elevation-generator:latest`	Version `ghcr.io/jlp04/elevation-generator:test`
♾️	libunbound8	`1.22.0-2`	`1.22.0-2+deb13u1`

github-actions · 2025-12-07T00:47:23Z


Your image	`ghcr.io/jlp04/elevation-generator:test`
Current base image	`debian:latest`

github-actions · 2025-12-07T00:47:26Z

🔍 Vulnerabilities of `ghcr.io/jlp04/elevation-generator:test`

📦 Image Reference ghcr.io/jlp04/elevation-generator:test

digest	`sha256:07cc152261571d0bd568792e46a459a34b431f21c77242253b9ac9ebb1d2c9e9`
vulnerabilities
platform	linux/arm/v5
size	9.4 GB
packages	944

📦 Base Image debian:13

also known as	`13.2` `latest` `trixie` `trixie-20251117`
digest	`sha256:613332e5ddbe82c5b2a01e251cd46fc024d6ff6279cbb3128f689364caf1c37f`
vulnerabilities

stdlib 1.25.4 (golang)

pkg:golang/stdlib@1.25.4

# Dockerfile (241:241)
RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash

Affected range	`>=1.25.0 <1.25.5`
Fixed version	`1.25.5`
EPSS Score	`0.012%`
EPSS Percentile	`1st percentile`

Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Affected range	`>=1.25.0 <1.25.5`
Fixed version	`1.25.5`
EPSS Score	`0.016%`
EPSS Percentile	`3rd percentile`

Description

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

jquery-ui 1.11.2 (npm)

pkg:npm/jquery-ui@1.11.2

# Dockerfile (227:227)
COPY --from=build /tmp/install /flightgear/script/dnc-managed/install

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`22.087%`
EPSS Percentile	`96th percentile`

Description

Impact

Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code:
$( "#element" ).position( {
	my: "left top",
	at: "right bottom",
	of: "<img onerror='doEvilThing()' src='/404' />",
	collision: "none"
} );
will call the doEvilThing() function.

Patches

The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector.

Workarounds

A workaround is to not accept the value of the of option from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`2.867%`
EPSS Percentile	`86th percentile`

Description

Impact

Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:
$( "#datepicker" ).datepicker( {
	showButtonPanel: true,
	showOn: "both",
	closeText: "<script>doEvilThing( 'closeText XSS' )</script>",
	currentText: "<script>doEvilThing( 'currentText XSS' )</script>",
	prevText: "<script>doEvilThing( 'prevText XSS' )</script>",
	nextText: "<script>doEvilThing( 'nextText XSS' )</script>",
	buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>",
	appendText: "<script>doEvilThing( 'appendText XSS' )</script>",
} );
will call doEvilThing with 6 different parameters coming from all *Text options.

Patches

The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML.

Workarounds

A workaround is to not accept the value of the *Text options from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`19.260%`
EPSS Percentile	`95th percentile`

Description

Impact

Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:
$( "#datepicker" ).datepicker( {
	altField: "<img onerror='doEvilThing()' src='/404' />",
} );
will call the doEvilThing function.

Patches

The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector.

Workarounds

A workaround is to not accept the value of the altField option from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.2`
Fixed version	`1.13.2`
CVSS Score	`6.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
EPSS Score	`15.257%`
EPSS Percentile	`94th percentile`

Description

Impact

Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code.

For example, starting with the following initial secure HTML:
<label>
	<input id="test-input">
	&lt;img src=x onerror="alert(1)"&gt;
</label>
and calling:
$( "#test-input" ).checkboxradio();
$( "#test-input" ).checkboxradio( "refresh" );
will turn the initial HTML into:
<label>
	
	<input id="test-input">
	<img src=x onerror="alert(1)">
</label>
and the alert will get executed.

Patches

The bug has been patched in jQuery UI 1.13.2.

Workarounds

To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span:
<label>
	<input id="test-input">
	<span>&lt;img src=x onerror="alert(1)"&gt;</span>
</label>
References

https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.12.0`
Fixed version	`1.12.0`
CVSS Score	`6.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
EPSS Score	`1.383%`
EPSS Percentile	`80th percentile`

Description

Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function.

jQuery-UI is a library for manipulating UI elements via jQuery.

Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

Recommendation

Upgrade to jQuery-UI 1.12.0 or later.

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Affected range	`<=1.11.4`
Fixed version	`1.12.0`

Description

jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

github-actions · 2025-12-07T00:47:29Z

Recommended fixes for image (linux/arm/v5) `ghcr.io/jlp04/elevation-generator:test`

Base image is debian:latest

Name	13.2
Digest	sha256:613332e5ddbe82c5b2a01e251cd46fc024d6ff6279cbb3128f689364caf1c37f
Vulnerabilities
Pushed	2 weeks ago
Size	47 MB
Packages	112
OS	13.2

The base image is also available under the supported tag(s): 13, 13.2, trixie, trixie-20251117

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-12-07T00:47:49Z

Overview

Image reference	`jlp04/elevation-generator:latest`	`ghcr.io/jlp04/elevation-generator:test`
- digest	`147e88004dee`	`07cc15226157`
- tag	`latest`	`test`
- provenance	https://github.com/JLP04/docker-elevation-generator.git#0872363ea6de2df3c7584be7bf3de4f6f52d35e2/commit/0872363ea6de2df3c7584be7bf3de4f6f52d35e2	https://github.com/JLP04/docker-elevation-generator.git#refs/pull/10/merge/commit/4a2cc7daafb000b33b63d0cdd546cf4d8af2098d
- vulnerabilities
- platform	linux/arm	linux/arm
- size	9.4 GB	9.4 GB (+36 kB)
- packages	944	944
Base Image	`debian:latest` also known as: • `13` • `13.2` • `trixie` • `trixie-20251117`	`debian:latest` also known as: • `13` • `13.2` • `trixie` • `trixie-20251117`
- vulnerabilities

Packages and Vulnerabilities (1 package changes and 0 vulnerability changes)

♾️ 1 packages changed

597 packages unchanged

Changes for packages of type deb (1 changes)

	Package	Version `jlp04/elevation-generator:latest`	Version `ghcr.io/jlp04/elevation-generator:test`
♾️	libunbound8	`1.22.0-2`	`1.22.0-2+deb13u1`

github-actions · 2025-12-07T00:48:06Z


Your image	`ghcr.io/jlp04/elevation-generator:test`
Current base image	`debian:latest`

github-actions · 2025-12-07T00:48:09Z

🔍 Vulnerabilities of `ghcr.io/jlp04/elevation-generator:test`

📦 Image Reference ghcr.io/jlp04/elevation-generator:test

digest	`sha256:fe35696769f49fffbe7fbd1754014b98664f195cff28dd825abbc8e66b32d366`
vulnerabilities
platform	linux/arm/v7
size	9.4 GB
packages	943

📦 Base Image debian:13

also known as	`13.2` `latest` `trixie` `trixie-20251117`
digest	`sha256:e1fb7ff4bf1be1bb755dfd957dbe43d1125e0f1f459693622d2e7aaeeec474f1`
vulnerabilities

stdlib 1.25.4 (golang)

pkg:golang/stdlib@1.25.4

# Dockerfile (241:241)
RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash

Affected range	`>=1.25.0 <1.25.5`
Fixed version	`1.25.5`
EPSS Score	`0.012%`
EPSS Percentile	`1st percentile`

Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Affected range	`>=1.25.0 <1.25.5`
Fixed version	`1.25.5`
EPSS Score	`0.016%`
EPSS Percentile	`3rd percentile`

Description

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

jquery-ui 1.11.2 (npm)

pkg:npm/jquery-ui@1.11.2

# Dockerfile (227:227)
COPY --from=build /tmp/install /flightgear/script/dnc-managed/install

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`22.087%`
EPSS Percentile	`96th percentile`

Description

Impact

Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code:
$( "#element" ).position( {
	my: "left top",
	at: "right bottom",
	of: "<img onerror='doEvilThing()' src='/404' />",
	collision: "none"
} );
will call the doEvilThing() function.

Patches

The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector.

Workarounds

A workaround is to not accept the value of the of option from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`2.867%`
EPSS Percentile	`86th percentile`

Description

Impact

Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:
$( "#datepicker" ).datepicker( {
	showButtonPanel: true,
	showOn: "both",
	closeText: "<script>doEvilThing( 'closeText XSS' )</script>",
	currentText: "<script>doEvilThing( 'currentText XSS' )</script>",
	prevText: "<script>doEvilThing( 'prevText XSS' )</script>",
	nextText: "<script>doEvilThing( 'nextText XSS' )</script>",
	buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>",
	appendText: "<script>doEvilThing( 'appendText XSS' )</script>",
} );
will call doEvilThing with 6 different parameters coming from all *Text options.

Patches

The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML.

Workarounds

A workaround is to not accept the value of the *Text options from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`19.260%`
EPSS Percentile	`95th percentile`

Description

Impact

Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:
$( "#datepicker" ).datepicker( {
	altField: "<img onerror='doEvilThing()' src='/404' />",
} );
will call the doEvilThing function.

Patches

The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector.

Workarounds

A workaround is to not accept the value of the altField option from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.2`
Fixed version	`1.13.2`
CVSS Score	`6.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
EPSS Score	`15.257%`
EPSS Percentile	`94th percentile`

Description

Impact

Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code.

For example, starting with the following initial secure HTML:
<label>
	<input id="test-input">
	&lt;img src=x onerror="alert(1)"&gt;
</label>
and calling:
$( "#test-input" ).checkboxradio();
$( "#test-input" ).checkboxradio( "refresh" );
will turn the initial HTML into:
<label>
	
	<input id="test-input">
	<img src=x onerror="alert(1)">
</label>
and the alert will get executed.

Patches

The bug has been patched in jQuery UI 1.13.2.

Workarounds

To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span:
<label>
	<input id="test-input">
	<span>&lt;img src=x onerror="alert(1)"&gt;</span>
</label>
References

https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.12.0`
Fixed version	`1.12.0`
CVSS Score	`6.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
EPSS Score	`1.383%`
EPSS Percentile	`80th percentile`

Description

Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function.

jQuery-UI is a library for manipulating UI elements via jQuery.

Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

Recommendation

Upgrade to jQuery-UI 1.12.0 or later.

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Affected range	`<=1.11.4`
Fixed version	`1.12.0`

Description

jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

github-actions · 2025-12-07T00:48:12Z

Recommended fixes for image (linux/arm/v7) `ghcr.io/jlp04/elevation-generator:test`

Base image is debian:latest

Name	13.2
Digest	sha256:e1fb7ff4bf1be1bb755dfd957dbe43d1125e0f1f459693622d2e7aaeeec474f1
Vulnerabilities
Pushed	2 weeks ago
Size	46 MB
Packages	111
OS	13.2

The base image is also available under the supported tag(s): 13, 13.2, trixie, trixie-20251117

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-12-07T00:48:32Z

Overview

Image reference	`jlp04/elevation-generator:latest`	`ghcr.io/jlp04/elevation-generator:test`
- digest	`f94afd9ec494`	`fe35696769f4`
- tag	`latest`	`test`
- provenance	https://github.com/JLP04/docker-elevation-generator.git#0872363ea6de2df3c7584be7bf3de4f6f52d35e2/commit/0872363ea6de2df3c7584be7bf3de4f6f52d35e2	https://github.com/JLP04/docker-elevation-generator.git#refs/pull/10/merge/commit/4a2cc7daafb000b33b63d0cdd546cf4d8af2098d
- vulnerabilities
- platform	linux/arm	linux/arm
- size	9.4 GB	9.4 GB (+54 kB)
- packages	943	943
Base Image	`debian:latest` also known as: • `13` • `13.2` • `trixie` • `trixie-20251117`	`debian:latest` also known as: • `13` • `13.2` • `trixie` • `trixie-20251117`
- vulnerabilities

Packages and Vulnerabilities (1 package changes and 0 vulnerability changes)

♾️ 1 packages changed

597 packages unchanged

Changes for packages of type deb (1 changes)

	Package	Version `jlp04/elevation-generator:latest`	Version `ghcr.io/jlp04/elevation-generator:test`
♾️	libunbound8	`1.22.0-2`	`1.22.0-2+deb13u1`

github-actions · 2025-12-07T00:48:49Z


Your image	`ghcr.io/jlp04/elevation-generator:test`
Current base image	`debian:latest`

github-actions · 2025-12-07T00:48:53Z

🔍 Vulnerabilities of `ghcr.io/jlp04/elevation-generator:test`

📦 Image Reference ghcr.io/jlp04/elevation-generator:test

digest	`sha256:f04dbd183349d76fcab4728a7f5633aeb96f567dbbbb5fc9c4da000d4fc1d381`
vulnerabilities
platform	linux/arm64
size	9.4 GB
packages	957

📦 Base Image debian:13

also known as	`13.2` `latest` `trixie` `trixie-20251117`
digest	`sha256:efca9f2dc86221f8eef0587e1cf8bb32908252232c036729f12649eab661c6e2`
vulnerabilities

stdlib 1.25.4 (golang)

pkg:golang/stdlib@1.25.4

# Dockerfile (241:241)
RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash

Affected range	`>=1.25.0 <1.25.5`
Fixed version	`1.25.5`
EPSS Score	`0.012%`
EPSS Percentile	`1st percentile`

Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Affected range	`>=1.25.0 <1.25.5`
Fixed version	`1.25.5`
EPSS Score	`0.016%`
EPSS Percentile	`3rd percentile`

Description

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

jquery-ui 1.11.2 (npm)

pkg:npm/jquery-ui@1.11.2

# Dockerfile (227:227)
COPY --from=build /tmp/install /flightgear/script/dnc-managed/install

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`22.087%`
EPSS Percentile	`96th percentile`

Description

Impact

Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code:
$( "#element" ).position( {
	my: "left top",
	at: "right bottom",
	of: "<img onerror='doEvilThing()' src='/404' />",
	collision: "none"
} );
will call the doEvilThing() function.

Patches

The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector.

Workarounds

A workaround is to not accept the value of the of option from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`2.867%`
EPSS Percentile	`86th percentile`

Description

Impact

Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:
$( "#datepicker" ).datepicker( {
	showButtonPanel: true,
	showOn: "both",
	closeText: "<script>doEvilThing( 'closeText XSS' )</script>",
	currentText: "<script>doEvilThing( 'currentText XSS' )</script>",
	prevText: "<script>doEvilThing( 'prevText XSS' )</script>",
	nextText: "<script>doEvilThing( 'nextText XSS' )</script>",
	buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>",
	appendText: "<script>doEvilThing( 'appendText XSS' )</script>",
} );
will call doEvilThing with 6 different parameters coming from all *Text options.

Patches

The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML.

Workarounds

A workaround is to not accept the value of the *Text options from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`19.260%`
EPSS Percentile	`95th percentile`

Description

Impact

Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:
$( "#datepicker" ).datepicker( {
	altField: "<img onerror='doEvilThing()' src='/404' />",
} );
will call the doEvilThing function.

Patches

The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector.

Workarounds

A workaround is to not accept the value of the altField option from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.2`
Fixed version	`1.13.2`
CVSS Score	`6.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
EPSS Score	`15.257%`
EPSS Percentile	`94th percentile`

Description

Impact

Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code.

For example, starting with the following initial secure HTML:
<label>
	<input id="test-input">
	&lt;img src=x onerror="alert(1)"&gt;
</label>
and calling:
$( "#test-input" ).checkboxradio();
$( "#test-input" ).checkboxradio( "refresh" );
will turn the initial HTML into:
<label>
	
	<input id="test-input">
	<img src=x onerror="alert(1)">
</label>
and the alert will get executed.

Patches

The bug has been patched in jQuery UI 1.13.2.

Workarounds

To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span:
<label>
	<input id="test-input">
	<span>&lt;img src=x onerror="alert(1)"&gt;</span>
</label>
References

https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.12.0`
Fixed version	`1.12.0`
CVSS Score	`6.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
EPSS Score	`1.383%`
EPSS Percentile	`80th percentile`

Description

Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function.

jQuery-UI is a library for manipulating UI elements via jQuery.

Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

Recommendation

Upgrade to jQuery-UI 1.12.0 or later.

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Affected range	`<=1.11.4`
Fixed version	`1.12.0`

Description

jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

github-actions · 2025-12-07T00:48:56Z

Recommended fixes for image (linux/arm64) `ghcr.io/jlp04/elevation-generator:test`

Base image is debian:latest

Name	13.2
Digest	sha256:efca9f2dc86221f8eef0587e1cf8bb32908252232c036729f12649eab661c6e2
Vulnerabilities
Pushed	2 weeks ago
Size	50 MB
Packages	111
OS	13.2

The base image is also available under the supported tag(s): 13, 13.2, trixie, trixie-20251117

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-12-07T00:49:16Z

Overview

Image reference	`jlp04/elevation-generator:latest`	`ghcr.io/jlp04/elevation-generator:test`
- digest	`89ad41fc192f`	`f04dbd183349`
- tag	`latest`	`test`
- provenance	https://github.com/JLP04/docker-elevation-generator.git#0872363ea6de2df3c7584be7bf3de4f6f52d35e2/commit/0872363ea6de2df3c7584be7bf3de4f6f52d35e2	https://github.com/JLP04/docker-elevation-generator.git#refs/pull/10/merge/commit/4a2cc7daafb000b33b63d0cdd546cf4d8af2098d
- vulnerabilities
- platform	linux/arm64	linux/arm64
- size	9.4 GB	9.4 GB (+57 kB)
- packages	957	957
Base Image	`debian:latest` also known as: • `13` • `13.2` • `trixie` • `trixie-20251117`	`debian:latest` also known as: • `13` • `13.2` • `trixie` • `trixie-20251117`
- vulnerabilities

Packages and Vulnerabilities (1 package changes and 0 vulnerability changes)

♾️ 1 packages changed

603 packages unchanged

Changes for packages of type deb (1 changes)

	Package	Version `jlp04/elevation-generator:latest`	Version `ghcr.io/jlp04/elevation-generator:test`
♾️	libunbound8	`1.22.0-2`	`1.22.0-2+deb13u1`

github-actions · 2025-12-07T00:49:32Z


Your image	`ghcr.io/jlp04/elevation-generator:test`
Current base image	`debian:latest`

github-actions · 2025-12-07T00:49:36Z

🔍 Vulnerabilities of `ghcr.io/jlp04/elevation-generator:test`

📦 Image Reference ghcr.io/jlp04/elevation-generator:test

digest	`sha256:a8226a760f7afb6c2a3b4abb101d9f51fa72313f7480fc4cb94bf425528be126`
vulnerabilities
platform	linux/ppc64le
size	9.4 GB
packages	953

📦 Base Image debian:13

also known as	`13.2` `latest` `trixie` `trixie-20251117`
digest	`sha256:39d45be8ebdc5d05d5ce46e2aeb227bbcff2121e71db23bb2239a4f13c8a0586`
vulnerabilities

stdlib 1.24.4 (golang)

pkg:golang/stdlib@1.24.4

# Dockerfile (241:241)
RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash

Affected range	`<1.24.11`
Fixed version	`1.24.11`
EPSS Score	`0.012%`
EPSS Percentile	`1st percentile`

Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Affected range	`<1.24.8`
Fixed version	`1.24.8`
EPSS Score	`0.026%`
EPSS Percentile	`6th percentile`

Description

The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.

Affected range	`<1.24.8`
Fixed version	`1.24.8`
EPSS Score	`0.026%`
EPSS Percentile	`6th percentile`

Description

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input.

This affects programs which parse untrusted PEM inputs.

Affected range	`<1.24.8`
Fixed version	`1.24.8`
EPSS Score	`0.014%`
EPSS Percentile	`2nd percentile`

Description

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method.

This affects programs which validate arbitrary certificate chains.

Affected range	`<1.24.9`
Fixed version	`1.24.9`
EPSS Score	`0.014%`
EPSS Percentile	`2nd percentile`

Description

Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate.

This affects programs which validate arbitrary certificate chains.

Affected range	`<1.24.11`
Fixed version	`1.24.11`
EPSS Score	`0.016%`
EPSS Percentile	`3rd percentile`

Description

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

Affected range	`>=1.24.0 <1.24.6`
Fixed version	`1.24.6`
EPSS Score	`0.020%`
EPSS Percentile	`4th percentile`

Description

If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

Affected range	`<1.24.8`
Fixed version	`1.24.8`
EPSS Score	`0.025%`
EPSS Percentile	`6th percentile`

Description

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.

Affected range	`<1.24.8`
Fixed version	`1.24.8`
EPSS Score	`0.019%`
EPSS Percentile	`4th percentile`

Description

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.

Affected range	`<1.24.8`
Fixed version	`1.24.8`
EPSS Score	`0.025%`
EPSS Percentile	`6th percentile`

Description

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.

Affected range	`<1.24.8`
Fixed version	`1.24.8`
EPSS Score	`0.033%`
EPSS Percentile	`9th percentile`

Description

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.

Affected range	`<1.24.8`
Fixed version	`1.24.8`
EPSS Score	`0.025%`
EPSS Percentile	`6th percentile`

Description

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.

Affected range	`<1.24.8`
Fixed version	`1.24.8`
EPSS Score	`0.014%`
EPSS Percentile	`2nd percentile`

Description

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

jquery-ui 1.11.2 (npm)

pkg:npm/jquery-ui@1.11.2

# Dockerfile (227:227)
COPY --from=build /tmp/install /flightgear/script/dnc-managed/install

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`22.087%`
EPSS Percentile	`96th percentile`

Description

Impact

Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code:
$( "#element" ).position( {
	my: "left top",
	at: "right bottom",
	of: "<img onerror='doEvilThing()' src='/404' />",
	collision: "none"
} );
will call the doEvilThing() function.

Patches

The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector.

Workarounds

A workaround is to not accept the value of the of option from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`2.867%`
EPSS Percentile	`86th percentile`

Description

Impact

Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:
$( "#datepicker" ).datepicker( {
	showButtonPanel: true,
	showOn: "both",
	closeText: "<script>doEvilThing( 'closeText XSS' )</script>",
	currentText: "<script>doEvilThing( 'currentText XSS' )</script>",
	prevText: "<script>doEvilThing( 'prevText XSS' )</script>",
	nextText: "<script>doEvilThing( 'nextText XSS' )</script>",
	buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>",
	appendText: "<script>doEvilThing( 'appendText XSS' )</script>",
} );
will call doEvilThing with 6 different parameters coming from all *Text options.

Patches

The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML.

Workarounds

A workaround is to not accept the value of the *Text options from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`19.260%`
EPSS Percentile	`95th percentile`

Description

Impact

Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:
$( "#datepicker" ).datepicker( {
	altField: "<img onerror='doEvilThing()' src='/404' />",
} );
will call the doEvilThing function.

Patches

The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector.

Workarounds

A workaround is to not accept the value of the altField option from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.2`
Fixed version	`1.13.2`
CVSS Score	`6.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
EPSS Score	`15.257%`
EPSS Percentile	`94th percentile`

Description

Impact

Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code.

For example, starting with the following initial secure HTML:
<label>
	<input id="test-input">
	&lt;img src=x onerror="alert(1)"&gt;
</label>
and calling:
$( "#test-input" ).checkboxradio();
$( "#test-input" ).checkboxradio( "refresh" );
will turn the initial HTML into:
<label>
	
	<input id="test-input">
	<img src=x onerror="alert(1)">
</label>
and the alert will get executed.

Patches

The bug has been patched in jQuery UI 1.13.2.

Workarounds

To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span:
<label>
	<input id="test-input">
	<span>&lt;img src=x onerror="alert(1)"&gt;</span>
</label>
References

https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.12.0`
Fixed version	`1.12.0`
CVSS Score	`6.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
EPSS Score	`1.383%`
EPSS Percentile	`80th percentile`

Description

Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function.

jQuery-UI is a library for manipulating UI elements via jQuery.

Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

Recommendation

Upgrade to jQuery-UI 1.12.0 or later.

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Affected range	`<=1.11.4`
Fixed version	`1.12.0`

Description

jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

github-actions · 2025-12-07T00:49:40Z

Recommended fixes for image (linux/ppc64le) `ghcr.io/jlp04/elevation-generator:test`

Base image is debian:latest

Name	13.2
Digest	sha256:39d45be8ebdc5d05d5ce46e2aeb227bbcff2121e71db23bb2239a4f13c8a0586
Vulnerabilities
Pushed	2 weeks ago
Size	53 MB
Packages	111
OS	13.2

The base image is also available under the supported tag(s): 13, 13.2, trixie, trixie-20251117

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-12-07T00:49:59Z

Overview

Image reference	`jlp04/elevation-generator:latest`	`ghcr.io/jlp04/elevation-generator:test`
- digest	`fad1c7294bdd`	`a8226a760f7a`
- tag	`latest`	`test`
- provenance	https://github.com/JLP04/docker-elevation-generator.git#0872363ea6de2df3c7584be7bf3de4f6f52d35e2/commit/0872363ea6de2df3c7584be7bf3de4f6f52d35e2	https://github.com/JLP04/docker-elevation-generator.git#refs/pull/10/merge/commit/4a2cc7daafb000b33b63d0cdd546cf4d8af2098d
- vulnerabilities
- platform	linux/ppc64le	linux/ppc64le
- size	9.4 GB	9.4 GB (+61 kB)
- packages	953	953
Base Image	`debian:latest` also known as: • `13` • `13.2` • `trixie` • `trixie-20251117`	`debian:latest` also known as: • `13` • `13.2` • `trixie` • `trixie-20251117`
- vulnerabilities

Packages and Vulnerabilities (1 package changes and 0 vulnerability changes)

♾️ 1 packages changed

600 packages unchanged

Changes for packages of type deb (1 changes)

	Package	Version `jlp04/elevation-generator:latest`	Version `ghcr.io/jlp04/elevation-generator:test`
♾️	libunbound8	`1.22.0-2`	`1.22.0-2+deb13u1`

github-actions · 2025-12-07T00:50:16Z


Your image	`ghcr.io/jlp04/elevation-generator:test`
Current base image	`debian:latest`

github-actions · 2025-12-07T00:50:20Z

🔍 Vulnerabilities of `ghcr.io/jlp04/elevation-generator:test`

📦 Image Reference ghcr.io/jlp04/elevation-generator:test

digest	`sha256:b12091a813bb04b0f54a1be035d8e33643744d8b47dd3d0126ec27e5beeb7376`
vulnerabilities
platform	linux/riscv64
size	9.4 GB
packages	948

📦 Base Image debian:13

also known as	`13.2` `latest` `trixie` `trixie-20251117`
digest	`sha256:f9fd45b6fc096cc2ebd15ae31a15a7e8bf5fdfc1e795302c7dc850ac7aa8ccd6`
vulnerabilities

stdlib 1.25.4 (golang)

pkg:golang/stdlib@1.25.4

# Dockerfile (241:241)
RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash

Affected range	`>=1.25.0 <1.25.5`
Fixed version	`1.25.5`
EPSS Score	`0.012%`
EPSS Percentile	`1st percentile`

Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Affected range	`>=1.25.0 <1.25.5`
Fixed version	`1.25.5`
EPSS Score	`0.016%`
EPSS Percentile	`3rd percentile`

Description

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

jquery-ui 1.11.2 (npm)

pkg:npm/jquery-ui@1.11.2

# Dockerfile (227:227)
COPY --from=build /tmp/install /flightgear/script/dnc-managed/install

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`22.087%`
EPSS Percentile	`96th percentile`

Description

Impact

Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code:
$( "#element" ).position( {
	my: "left top",
	at: "right bottom",
	of: "<img onerror='doEvilThing()' src='/404' />",
	collision: "none"
} );
will call the doEvilThing() function.

Patches

The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector.

Workarounds

A workaround is to not accept the value of the of option from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`2.867%`
EPSS Percentile	`86th percentile`

Description

Impact

Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:
$( "#datepicker" ).datepicker( {
	showButtonPanel: true,
	showOn: "both",
	closeText: "<script>doEvilThing( 'closeText XSS' )</script>",
	currentText: "<script>doEvilThing( 'currentText XSS' )</script>",
	prevText: "<script>doEvilThing( 'prevText XSS' )</script>",
	nextText: "<script>doEvilThing( 'nextText XSS' )</script>",
	buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>",
	appendText: "<script>doEvilThing( 'appendText XSS' )</script>",
} );
will call doEvilThing with 6 different parameters coming from all *Text options.

Patches

The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML.

Workarounds

A workaround is to not accept the value of the *Text options from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`19.260%`
EPSS Percentile	`95th percentile`

Description

Impact

Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:
$( "#datepicker" ).datepicker( {
	altField: "<img onerror='doEvilThing()' src='/404' />",
} );
will call the doEvilThing function.

Patches

The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector.

Workarounds

A workaround is to not accept the value of the altField option from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.2`
Fixed version	`1.13.2`
CVSS Score	`6.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
EPSS Score	`15.257%`
EPSS Percentile	`94th percentile`

Description

Impact

Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code.

For example, starting with the following initial secure HTML:
<label>
	<input id="test-input">
	&lt;img src=x onerror="alert(1)"&gt;
</label>
and calling:
$( "#test-input" ).checkboxradio();
$( "#test-input" ).checkboxradio( "refresh" );
will turn the initial HTML into:
<label>
	
	<input id="test-input">
	<img src=x onerror="alert(1)">
</label>
and the alert will get executed.

Patches

The bug has been patched in jQuery UI 1.13.2.

Workarounds

To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span:
<label>
	<input id="test-input">
	<span>&lt;img src=x onerror="alert(1)"&gt;</span>
</label>
References

https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.12.0`
Fixed version	`1.12.0`
CVSS Score	`6.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
EPSS Score	`1.383%`
EPSS Percentile	`80th percentile`

Description

Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function.

jQuery-UI is a library for manipulating UI elements via jQuery.

Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

Recommendation

Upgrade to jQuery-UI 1.12.0 or later.

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Affected range	`<=1.11.4`
Fixed version	`1.12.0`

Description

jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

github-actions · 2025-12-07T00:50:23Z

Recommended fixes for image (linux/riscv64) `ghcr.io/jlp04/elevation-generator:test`

Base image is debian:latest

Name	13.2
Digest	sha256:f9fd45b6fc096cc2ebd15ae31a15a7e8bf5fdfc1e795302c7dc850ac7aa8ccd6
Vulnerabilities
Pushed	2 weeks ago
Size	48 MB
Packages	109
OS	13.2

The base image is also available under the supported tag(s): 13, 13.2, trixie, trixie-20251117

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-12-07T00:50:43Z

Overview

Image reference	`jlp04/elevation-generator:latest`	`ghcr.io/jlp04/elevation-generator:test`
- digest	`c43ef6ce3de4`	`b12091a813bb`
- tag	`latest`	`test`
- provenance	https://github.com/JLP04/docker-elevation-generator.git#0872363ea6de2df3c7584be7bf3de4f6f52d35e2/commit/0872363ea6de2df3c7584be7bf3de4f6f52d35e2	https://github.com/JLP04/docker-elevation-generator.git#refs/pull/10/merge/commit/4a2cc7daafb000b33b63d0cdd546cf4d8af2098d
- vulnerabilities
- platform	linux/riscv64	linux/riscv64
- size	9.4 GB	9.4 GB (+58 kB)
- packages	948	948
Base Image	`debian:latest` also known as: • `13` • `13.2` • `trixie` • `trixie-20251117`	`debian:latest` also known as: • `13` • `13.2` • `trixie` • `trixie-20251117`
- vulnerabilities

Packages and Vulnerabilities (1 package changes and 0 vulnerability changes)

♾️ 1 packages changed

597 packages unchanged

Changes for packages of type deb (1 changes)

	Package	Version `jlp04/elevation-generator:latest`	Version `ghcr.io/jlp04/elevation-generator:test`
♾️	libunbound8	`1.22.0-2`	`1.22.0-2+deb13u1`

github-actions · 2025-12-07T00:51:02Z


Your image	`ghcr.io/jlp04/elevation-generator:test`
Current base image	`debian:latest`

github-actions · 2025-12-07T00:51:06Z

🔍 Vulnerabilities of `ghcr.io/jlp04/elevation-generator:test`

📦 Image Reference ghcr.io/jlp04/elevation-generator:test

digest	`sha256:99442ae443bd5e0d85c766a1deb0a506e26e6a6b6bd74fbd621a8c6b0195e28e`
vulnerabilities
platform	linux/s390x
size	9.4 GB
packages	947

📦 Base Image debian:13

also known as	`13.2` `latest` `trixie` `trixie-20251117`
digest	`sha256:66fad7f399902dc3a077699f1f6b10df18a00c72d3553f150e5842beec80954f`
vulnerabilities

stdlib 1.24.4 (golang)

pkg:golang/stdlib@1.24.4

# Dockerfile (241:241)
RUN set -o pipefail && curl https://getcroc.schollz.com | bash || curl https://getcroc.schollz.com | sed 's^croc_base_url="https://github.com/schollz/croc/releases/download"^croc_base_url="file://"^g' | bash

Affected range	`<1.24.11`
Fixed version	`1.24.11`
EPSS Score	`0.012%`
EPSS Percentile	`1st percentile`

Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Affected range	`<1.24.8`
Fixed version	`1.24.8`
EPSS Score	`0.026%`
EPSS Percentile	`6th percentile`

Description

The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.

Affected range	`<1.24.8`
Fixed version	`1.24.8`
EPSS Score	`0.026%`
EPSS Percentile	`6th percentile`

Description

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input.

This affects programs which parse untrusted PEM inputs.

Affected range	`<1.24.8`
Fixed version	`1.24.8`
EPSS Score	`0.014%`
EPSS Percentile	`2nd percentile`

Description

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method.

This affects programs which validate arbitrary certificate chains.

Affected range	`<1.24.9`
Fixed version	`1.24.9`
EPSS Score	`0.014%`
EPSS Percentile	`2nd percentile`

Description

Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate.

This affects programs which validate arbitrary certificate chains.

Affected range	`<1.24.11`
Fixed version	`1.24.11`
EPSS Score	`0.016%`
EPSS Percentile	`3rd percentile`

Description

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

Affected range	`>=1.24.0 <1.24.6`
Fixed version	`1.24.6`
EPSS Score	`0.020%`
EPSS Percentile	`4th percentile`

Description

If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

Affected range	`<1.24.8`
Fixed version	`1.24.8`
EPSS Score	`0.025%`
EPSS Percentile	`6th percentile`

Description

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.

Affected range	`<1.24.8`
Fixed version	`1.24.8`
EPSS Score	`0.019%`
EPSS Percentile	`4th percentile`

Description

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.

Affected range	`<1.24.8`
Fixed version	`1.24.8`
EPSS Score	`0.025%`
EPSS Percentile	`6th percentile`

Description

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.

Affected range	`<1.24.8`
Fixed version	`1.24.8`
EPSS Score	`0.033%`
EPSS Percentile	`9th percentile`

Description

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.

Affected range	`<1.24.8`
Fixed version	`1.24.8`
EPSS Score	`0.025%`
EPSS Percentile	`6th percentile`

Description

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.

Affected range	`<1.24.8`
Fixed version	`1.24.8`
EPSS Score	`0.014%`
EPSS Percentile	`2nd percentile`

Description

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

jquery-ui 1.11.2 (npm)

pkg:npm/jquery-ui@1.11.2

# Dockerfile (227:227)
COPY --from=build /tmp/install /flightgear/script/dnc-managed/install

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`22.087%`
EPSS Percentile	`96th percentile`

Description

Impact

Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code:
$( "#element" ).position( {
	my: "left top",
	at: "right bottom",
	of: "<img onerror='doEvilThing()' src='/404' />",
	collision: "none"
} );
will call the doEvilThing() function.

Patches

The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector.

Workarounds

A workaround is to not accept the value of the of option from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`2.867%`
EPSS Percentile	`86th percentile`

Description

Impact

Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:
$( "#datepicker" ).datepicker( {
	showButtonPanel: true,
	showOn: "both",
	closeText: "<script>doEvilThing( 'closeText XSS' )</script>",
	currentText: "<script>doEvilThing( 'currentText XSS' )</script>",
	prevText: "<script>doEvilThing( 'prevText XSS' )</script>",
	nextText: "<script>doEvilThing( 'nextText XSS' )</script>",
	buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>",
	appendText: "<script>doEvilThing( 'appendText XSS' )</script>",
} );
will call doEvilThing with 6 different parameters coming from all *Text options.

Patches

The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML.

Workarounds

A workaround is to not accept the value of the *Text options from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.0`
Fixed version	`1.13.0`
CVSS Score	`6.5`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N`
EPSS Score	`19.260%`
EPSS Percentile	`95th percentile`

Description

Impact

Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:
$( "#datepicker" ).datepicker( {
	altField: "<img onerror='doEvilThing()' src='/404' />",
} );
will call the doEvilThing function.

Patches

The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector.

Workarounds

A workaround is to not accept the value of the altField option from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.13.2`
Fixed version	`1.13.2`
CVSS Score	`6.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
EPSS Score	`15.257%`
EPSS Percentile	`94th percentile`

Description

Impact

Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code.

For example, starting with the following initial secure HTML:
<label>
	<input id="test-input">
	&lt;img src=x onerror="alert(1)"&gt;
</label>
and calling:
$( "#test-input" ).checkboxradio();
$( "#test-input" ).checkboxradio( "refresh" );
will turn the initial HTML into:
<label>
	
	<input id="test-input">
	<img src=x onerror="alert(1)">
</label>
and the alert will get executed.

Patches

The bug has been patched in jQuery UI 1.13.2.

Workarounds

To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span:
<label>
	<input id="test-input">
	<span>&lt;img src=x onerror="alert(1)"&gt;</span>
</label>
References

https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released/

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected range	`<1.12.0`
Fixed version	`1.12.0`
CVSS Score	`6.1`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
EPSS Score	`1.383%`
EPSS Percentile	`80th percentile`

Description

Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function.

jQuery-UI is a library for manipulating UI elements via jQuery.

Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

Recommendation

Upgrade to jQuery-UI 1.12.0 or later.

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Affected range	`<=1.11.4`
Fixed version	`1.12.0`

Description

jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

github-actions · 2025-12-07T00:51:09Z

Recommended fixes for image (linux/s390x) `ghcr.io/jlp04/elevation-generator:test`

Base image is debian:latest

Name	13.2
Digest	sha256:66fad7f399902dc3a077699f1f6b10df18a00c72d3553f150e5842beec80954f
Vulnerabilities
Pushed	2 weeks ago
Size	49 MB
Packages	111
OS	13.2

The base image is also available under the supported tag(s): 13, 13.2, trixie, trixie-20251117

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2025-12-07T00:51:29Z

Overview

Image reference	`jlp04/elevation-generator:latest`	`ghcr.io/jlp04/elevation-generator:test`
- digest	`4d2afc56c94b`	`99442ae443bd`
- tag	`latest`	`test`
- provenance	https://github.com/JLP04/docker-elevation-generator.git#0872363ea6de2df3c7584be7bf3de4f6f52d35e2/commit/0872363ea6de2df3c7584be7bf3de4f6f52d35e2	https://github.com/JLP04/docker-elevation-generator.git#refs/pull/10/merge/commit/4a2cc7daafb000b33b63d0cdd546cf4d8af2098d
- vulnerabilities
- platform	linux/s390x	linux/s390x
- size	9.4 GB	9.4 GB (+47 kB)
- packages	947	947
Base Image	`debian:latest` also known as: • `13` • `13.2` • `trixie` • `trixie-20251117`	`debian:latest` also known as: • `13` • `13.2` • `trixie` • `trixie-20251117`
- vulnerabilities

Packages and Vulnerabilities (1 package changes and 0 vulnerability changes)

♾️ 1 packages changed

594 packages unchanged

Changes for packages of type deb (1 changes)

	Package	Version `jlp04/elevation-generator:latest`	Version `ghcr.io/jlp04/elevation-generator:test`
♾️	libunbound8	`1.22.0-2`	`1.22.0-2+deb13u1`

Update ATC-pie to Version 1.9.2

7545879

JLP04 added pr-pull This PR is ready to be merged, and the changes within are ready to be promoted to the `latest` tag and removed pr-pull This PR is ready to be merged, and the changes within are ready to be promoted to the `latest` tag labels Dec 11, 2025

Update ATC-pie to Version 1.9.2 #10

Are you sure you want to change the base?

Update ATC-pie to Version 1.9.2 #10

Uh oh!

Conversation

JLP04 commented Dec 6, 2025

Uh oh!

github-actions bot commented Dec 7, 2025

Uh oh!

github-actions bot commented Dec 7, 2025

🔍 Vulnerabilities of ghcr.io/jlp04/elevation-generator:test

Impact

Patches

Workarounds

For more information

Impact

Patches

Workarounds

For more information

Impact

Patches

Workarounds

For more information

Impact

Patches

Workarounds

References

For more information

Recommendation

Uh oh!

github-actions bot commented Dec 7, 2025

Recommended fixes for image (linux/386) ghcr.io/jlp04/elevation-generator:test

Refresh base image

Change base image

Uh oh!

github-actions bot commented Dec 7, 2025

Overview

Uh oh!

github-actions bot commented Dec 7, 2025

Uh oh!

github-actions bot commented Dec 7, 2025

🔍 Vulnerabilities of ghcr.io/jlp04/elevation-generator:test

Impact

Patches

Workarounds

For more information

Impact

Patches

Workarounds

For more information

Impact

Patches

Workarounds

For more information

Impact

Patches

Workarounds

References

For more information

Recommendation

Uh oh!

github-actions bot commented Dec 7, 2025

Recommended fixes for image (linux/amd64) ghcr.io/jlp04/elevation-generator:test

Refresh base image

Change base image

Uh oh!

github-actions bot commented Dec 7, 2025

Overview

Uh oh!

github-actions bot commented Dec 7, 2025

Uh oh!

github-actions bot commented Dec 7, 2025

🔍 Vulnerabilities of ghcr.io/jlp04/elevation-generator:test

Impact

Patches

Workarounds

For more information

Impact

Patches

Workarounds

Update `ATC-pie` to Version 1.9.2 #10

Update `ATC-pie` to Version 1.9.2 #10

🔍 Vulnerabilities of `ghcr.io/jlp04/elevation-generator:test`

Recommended fixes for image (linux/386) `ghcr.io/jlp04/elevation-generator:test`

🔍 Vulnerabilities of `ghcr.io/jlp04/elevation-generator:test`

Recommended fixes for image (linux/amd64) `ghcr.io/jlp04/elevation-generator:test`

🔍 Vulnerabilities of `ghcr.io/jlp04/elevation-generator:test`

Recommended fixes for image (linux/arm/v5) `ghcr.io/jlp04/elevation-generator:test`

🔍 Vulnerabilities of `ghcr.io/jlp04/elevation-generator:test`

Recommended fixes for image (linux/arm/v7) `ghcr.io/jlp04/elevation-generator:test`

🔍 Vulnerabilities of `ghcr.io/jlp04/elevation-generator:test`