apps
2021.10
false
  • Release Notes
    • 2021.10
    • 2021.10.1
    • 2021.10.2
    • 2021.10.3
    • 2021.10.4
Apps Release Notes
Automation CloudAutomation Cloud Public SectorAutomation Suite
Last updated Apr 19, 2024

2021.10.1

7 December 2021

Security Update

An issue was fixed in the way uploaded icons are handled. The issue allowed a user with the rights to create an app to upload an HTML code instead of a valid image. This behavior could have allowed an attacker to create a malicious URL used to download the image to execute arbitrary JavaScript code.

The issue was not directly exploitable in UiPath Apps, as it required the attacker to have the rights to create an app and send the malicious icon URL to other users in order to exploit it. The vulnerability was not triggered by just browsing the application with the malicious icon.

More details can be found in the advisory section of the UiPath Trust Portal.

Important: Erratum 16 December 2021: added link to the UiPath Trust Portal advisory for these issues.

Bug Fixes

  • Previously, when using Apps in the Automation Suite offline environment, some components were not loaded properly. This is now fixed and all components are loaded as expected.
  • Previously, when assigning an app variable in the Assign file to app variable property in the Get File from Storage bucket rule, the app variable was not saved. This is now fixed and the variable is saved.
  • 7 December 2021
  • Security Update
  • Bug Fixes

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.