Vulnerability in N/a
CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could e…
EPSS: 0.872 (99.7th percentile)
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
- chrisneagu/FTC-Skystone-Dark-Angels-Romania-2020
- DanielRuf/snyk-js-jquery-174006
- DanielRuf/snyk-js-jquery-565129
- bitnesswise/jquery-prototype-pollution-fix
- isacaya/CVE-2019-11358
- Snorlyd/https-nj.gov---CVE-2019-11358
- 10793voltrons/Voltrons2023-2024
- 10793voltrons/Voltrons2024-2025
- 10793voltrons/Voltrons_
- 11177/goal
References
- www.drupal.org/sa-core-2019-006
- www.synology.com/security/advisory/Synology_SA_19_19
- DSA-4434 (vendor-advisory)
- 20190421 [SECURITY] [DSA 4434-1] drupal7 security update (mailing-list)
- 108023 (vdb-entry)
- [airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358 (mailing-list)
- [airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358 (mailing-list)
- [airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358 (mailing-list)
- [airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358 (mailing-list)
- [airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358 (mailing-list)
Frequently asked questions
- What is CVE-2019-11358?
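- CVE-2019-11358 is an Object.prototype pollution vulnerability in jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products; the CVE record lists the affected product as n/a. Published 2019-04-19.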
- Is CVE-2019-11358 known to be exploited?
- 6865 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.