VYPR
Moderate severityOSV Advisory· Published Apr 19, 2019· Updated Nov 15, 2024

CVE-2019-11358

CVE-2019-11358

Description

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
jquerynpm
>= 1.1.4, < 3.4.03.4.0
jquery-railsRubyGems
< 4.3.44.3.4
jQueryNuGet
>= 1.1.4, < 3.4.03.4.0
djangoPyPI
>= 2.0a1, < 2.1.92.1.9
djangoPyPI
>= 2.2a1, < 2.2.22.2.2
org.webjars.npm:jqueryMaven
>= 1.1.4, < 3.4.03.4.0
maximebf/debugbarPackagist
< 1.19.01.19.0

Affected products

22

Patches

Vulnerability mechanics

References

119

News mentions

0

No linked articles in our index yet.