CVE-2019-11358.yml
---
gem: jquery-rails
framework: rails
cve: 2019-11358
ghsa: 6c3j-c64m-qhgq
url: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
title: Prototype pollution attack through jQuery $.extend
date: 2019-04-19
description: |
  jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of
  Object.prototype pollution. If an unsanitized source object contained an
  enumerable __proto__ property, it could extend the native Object.prototype.
cvss_v2: 4.3
cvss_v3: 6.1
patched_versions:
  - ">= 4.3.4"
related:
  url:
    - https://hackerone.com/reports/454365
    - https://github.com/jquery/jquery/pull/4333
    - https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
    - https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434