Описание
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| drupal7 | removed | package | ||
| jquery | fixed | 3.3.1~dfsg-2 | package | |
| jquery | fixed | 3.1.1-2+deb9u1 | stretch | package |
| node-jquery | fixed | 2.2.4+dfsg-4 | package | |
| mediawiki | fixed | 1:1.31.2-1 | package | |
| otrs2 | fixed | 6.0.26-1 | package | |
| otrs2 | ignored | stretch | package |
Примечания
https://www.drupal.org/sa-core-2019-006
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
https://github.com/DanielRuf/snyk-js-jquery-174006?files=1
https://snyk.io/vuln/SNYK-JS-JQUERY-174006
https://phabricator.wikimedia.org/T221739
https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
https://community.otrs.com/security-advisory-2020-05/
EPSS
Связанные уязвимости
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
EPSS