Description
Duplicate Advisory: Prototype Pollution in jquery
Duplicate Advisory
This advisory is a duplicate of GHSA-6c3j-c64m-qhgq. This link is maintained to preserve external references.
Original Description
Versions of jquery prior to 3.4.0 are vulnerable to Prototype Pollution. The extend() method allows an attacker to modify the prototype of Object, causing changes in properties that will exist on all objects.
Recommendation
Upgrade to version 3.4.0 or later.
Packages
jquery: affected < 3.4.0, fixed in 3.4.0
jquery: affected < 3.4.0, fixed in 3.4.0
org.webjars.npm:jquery: affected < 3.4.0, fixed in 3.4.0
jquery-rails: affected < 3.4.0, fixed in 3.4.0
CVE ID
Related vulnerabilities
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11358. Reason: This candidate is a duplicate of CVE-2019-11358. Notes: All CVE users should reference CVE-2019-11358 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage