GHSA-6c3j-c64m-qhgq, CVE-2019-11358
nuget/jQuery
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
All versions before 3.4.0
Upgrade to version 3.4.0 or above.
2023-05-31
source |