UiPath Apps

The UiPath Apps Guide


7 December 2021

Security Update

An issue was fixed in the way uploaded icons are handled. The issue allowed a user with the rights to create an app to upload an HTML code instead of a valid image. This behavior could have allowed an attacker to create a malicious URL used to download the image to execute arbitrary JavaScript code.

The issue was not directly exploitable in UiPath Apps, as it required the attacker to have the rights to create an app and send the malicious icon URL to other users in order to exploit it. The vulnerability was not triggered by just browsing the application with the malicious icon.

More details can be found in the advisory section of the UiPath Trust Portal.
:warning: Erratum 16 December 2021: added link to the UiPath Trust Portal advisory for these issues.

Bug Fixes

  • Previously, when using Apps in the Automation Suite offline environment, some components were not loaded properly. This is now fixed and all components are loaded as expected.
  • Previously, when assigning an app variable in the Assign file to app variable property in the Get File from Storage bucket rule, the app variable was not saved. This is now fixed and the variable is saved.

Updated 9 months ago


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.