Severity: Medium

Description: Security vulnerabilities were identified in the version of jQuery currently included in a version of HTML Commons that is part of SAS Health: Cohort Builder 2.1. HTML Commons is providing a hot fix for all versions of HTML Commons currently in the field or pending release. A fix to the SAS Health: Cohort Builder 2.1 UI is required in order to accommodate the HTML Commons fix.

Potential Impact: For details regarding the addressed vulnerabilities, reference the links listed below:

• NVD - CVE-2020-11022 (nist.gov)
• NVD - CVE-2019-11358 (nist.gov)

The fix is provided as part of SAS^® Health: Cohort Builder 2.1.1.

Click the Hot Fix tab in this note to access the hot fix for this issue.

Operating System and Release Information

Viya on Linux: An update for this issue is available for SAS Viya 3.5. For instructions on how to access and apply software updates, see the Updating Your SAS Viya software section in the SAS Viya 3.5 for Linux Deployment Guide at