Description
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
A Prototype Pollution vulnerability was found in jQuery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.
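The mechanism described above, shown as an added example that is not code from jQuery or from this advisory: `deepMerge`, its `guard` flag, `mergeAndCheck` and the `polluted` property are hypothetical names, and the input document is constructed. The same recursive merge is run without and with a check that skips the `__proto__` key.

```javascript
// Simplified recursive merge written for this example; it is NOT jQuery's
// source, only the same deep-copy pattern. `guard` toggles the key check.
function deepMerge(target, source, guard) {
  for (const key in source) {
    // Hardened path: never follow "__proto__", and ignore inherited keys.
    if (guard && (key === "__proto__" ||
        !Object.prototype.hasOwnProperty.call(source, key))) {
      continue;
    }
    const value = source[key];
    if (value !== null && typeof value === "object") {
      // Unguarded, target["__proto__"] resolves to Object.prototype, so the
      // recursion copies the untrusted properties onto the global prototype.
      if (target[key] === null || typeof target[key] !== "object") {
        target[key] = {};
      }
      deepMerge(target[key], value, guard);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Merges a constructed untrusted document and reports whether an unrelated,
// freshly created object picked up a property it never defined.
function mergeAndCheck(guard) {
  // Constructed sample input: JSON.parse creates an own, enumerable
  // "__proto__" key instead of setting the object's prototype.
  const untrusted = JSON.parse(
    '{"theme":"dark","__proto__":{"polluted":true}}');
  const merged = deepMerge({}, untrusted, guard);
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted; // restore global state after the demo
  return { theme: merged.theme, leaked };
}

console.log("unguarded:", mergeAndCheck(false));
console.log("guarded:  ", mergeAndCheck(true));
```

The same `({}).polluted` probe works as a regression check in a test suite after any code path that deep-merges request data.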
Report
Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
CloudForms Management Engine 5 | jquery-rjs | Not affected | | |
Red Hat 3scale API Management Platform 2 | jquery | Will not fix | | |
Red Hat Enterprise Linux 6 | ipa | Will not fix | | |
Red Hat Enterprise Linux 6 | pcp | Will not fix | | |
Red Hat Enterprise Linux 6 | python-coverage | Will not fix | | |
Red Hat Enterprise Linux 6 | python-weberror | Will not fix | | |
Red Hat Enterprise Linux 7 | ipsilon | Will not fix | | |
Red Hat Enterprise Linux 7 | pcp | Will not fix | | |
Red Hat Enterprise Linux 7 | pki-core | Will not fix | | |
Red Hat Enterprise Linux 7 | publican | Will not fix | | |
Additional information
Status:
EPSS
CVSS3: 5.6 Medium
Related vulnerabilities
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ...
XSS in jQuery as used in Drupal, Backdrop CMS, and other products