Back to search
CVE-2019-11358
Published: Apr 19, 2019
Modified: Nov 15, 2024
PUBLISHED
Description
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-4434
vendor-advisory
108023
vdb-entry
FEDORA-2019-eba8e44ee6
vendor-advisory
FEDORA-2019-1a3edd7e8a
vendor-advisory
FEDORA-2019-7eaf0bbe7c
vendor-advisory
FEDORA-2019-2a0ce0c58c
vendor-advisory
FEDORA-2019-a06dffab1c
vendor-advisory
FEDORA-2019-f563e66380
vendor-advisory
20190509 dotCMS v5.1.1 Vulnerabilities
mailing-list
20190510 dotCMS v5.1.1 Vulnerabilities
mailing-list
RHSA-2019:1456
vendor-advisory
DSA-4460
vendor-advisory
openSUSE-SU-2019:1839
vendor-advisory
RHBA-2019:1570
vendor-advisory
openSUSE-SU-2019:1872
vendor-advisory
RHSA-2019:2587
vendor-advisory
RHSA-2019:3023
vendor-advisory
RHSA-2019:3024
vendor-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now