CVE-2019-11358

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in nuget/jQuery

Identifiers

GHSA-6c3j-c64m-qhgq, CVE-2019-11358

Package Slug

nuget/jQuery

Vulnerability

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Description

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
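The behaviour described above, reproduced as an added example that is not jQuery's source and not part of the original advisory. deepMerge, runCase, the skipProto flag and the sample JSON are constructed for illustration. The hardened path skips any "__proto__" key in the source object.

```javascript
// Simplified recursive merge modelled on deep-extend semantics.
// Hypothetical helper for illustration, not jQuery's implementation.
function deepMerge(target, source, skipProto) {
  for (const name in source) {
    // Hardened mode: never copy a "__proto__" key from the source object.
    if (skipProto && name === "__proto__") continue;

    const copy = source[name];
    if (copy !== null && typeof copy === "object" && !Array.isArray(copy)) {
      // When name is "__proto__", target[name] resolves to Object.prototype,
      // so the recursive call writes into the prototype shared by all objects.
      const existing = target[name];
      const clone = existing !== null && typeof existing === "object" ? existing : {};
      target[name] = deepMerge(clone, copy, skipProto);
    } else if (copy !== undefined) {
      target[name] = copy;
    }
  }
  return target;
}

function runCase(skipProto) {
  // Constructed input: JSON.parse creates "__proto__" as an own, enumerable
  // key, which is the condition the advisory describes.
  const untrusted = JSON.parse('{"theme":"dark","__proto__":{"polluted":true}}');
  const merged = deepMerge({}, untrusted, skipProto);

  // A fresh, unrelated object inherits the property only if
  // Object.prototype itself was modified by the merge.
  const polluted = ({}).polluted === true;

  // Restore global state so the two cases do not affect each other.
  delete Object.prototype.polluted;
  return { theme: merged.theme, polluted };
}

console.log("unguarded merge:", runCase(false));
console.log("guarded merge:  ", runCase(true));
```

The legitimate key (theme) is merged in both cases; only the unguarded merge leaves a property on Object.prototype.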

Affected Versions

All versions before 3.4.0

Solution

Upgrade to version 3.4.0 or above.

Last Modified

2023-05-31
