Lucene search
RubySecRUBY:JQUERY-RAILS-2019-11358HistoryApr 18, 2019 - 9:00 p.m.
Prototype pollution attack through jQuery $.extend
2019-04-1821:00:00
RubySec
blog.jquery.com
20
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.024
Percentile
90.2%
jQuery before 3.4.0 mishandles jQuery.extend(true, {}, …) because of
bject.prototype pollution. If an unsanitized source object contained an
enumerable proto property, it could extend the native Object.prototype.
Affected configurations
Node
rubyjquery-railsRange≤4.3.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ruby | jquery-rails | * | cpe:2.3:a:ruby:jquery-rails:*:*:*:*:*:*:*:* |
Related
debian
debian
[SECURITY] [DSA 4434-1] drupal7 security update
2019-04-20 12:03:09
[SECURITY] [DLA 2118-1] otrs2 security update
2020-02-24 17:03:32
[SECURITY] [DLA 1777-1] jquery security update
2019-05-06 07:42:05
nessus
nessus
Fedora 28 : drupal7 (2019-f563e66380)
2019-05-09 00:00:00
JQuery < 3.4.0 Object Prototype Pollution Vulnerability
2019-05-10 00:00:00
RHEL 7 : python-XStatic-jQuery (RHSA-2020:5581)
2020-12-18 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: drupal7-7.66-1.fc30
2019-05-09 01:34:20
[SECURITY] Fedora 30 Update: drupal7-7.69-1.fc30
2020-01-04 22:16:18
[SECURITY] Fedora 30 Update: drupal7-7.67-1.fc30
2019-05-25 01:06:23
checkpoint_advisories
checkpoint_advisories
jQuery Prototype Pollution Object Cross-Site Scripting (CVE-2019-11358)
2019-04-29 00:00:00
ibm
ibm
amazon
amazon
Medium: pcs
2023-01-18 00:16:00
osv
osv
CVE-2019-11358
2019-04-20 00:29:00
jquery - security update
2019-05-06 00:00:00
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
2019-04-26 16:29:11
atlassian
atlassian
Update jQuery to address CVE-2019-11358
2019-08-01 05:11:29
jQuery 2.2.4 is vulnerable to prototype pollution
2019-05-13 01:57:29
jQuery 2.2.4 is vulnerable to prototype pollution
2019-05-13 01:57:29
redhat
redhat
(RHSA-2020:5581) Moderate: python-XStatic-jQuery security update
2020-12-16 12:57:14
(RHSA-2020:1325) Moderate: python-XStatic-jQuery security update
2020-04-06 08:40:52
openvas
openvas
Debian: Security Advisory (DLA-1777-1)
2019-05-07 00:00:00
Django jQuery Vulnerability - Windows
2019-06-26 00:00:00
Drupal jQuery XSS Vulnerability (SA-CORE-2019-006) - Linux
2019-04-24 00:00:00
alpinelinux
alpinelinux
CVE-2019-11358
2019-04-20 00:29:00
cbl_mariner
cbl_mariner
veracode
veracode
Prototype Pollution
2019-04-22 03:41:01
githubexploit
githubexploit
Exploit for Prototype Pollution in Jquery
2020-12-01 09:18:58
Exploit for Cross-site Scripting in Jquery
2019-03-30 10:03:36
Exploit for Prototype Pollution in Jquery
2021-03-08 11:34:11
nvd
nvd
CVE-2019-11358
2019-04-20 00:29:00
CVE-2019-5428
2019-04-22 21:29:00
f5
f5
K20455158 : jQuery vulnerability CVE-2019-11358
2020-04-14 00:00:00
symantec
symantec
JQuery CVE-2019-11358 Cross Site Scripting Vulnerability
2019-04-17 00:00:00
typo3
typo3
Cross-Site Scripting in jQuery before 3.4.0
2019-05-07 00:00:00
prion
prion
Design/Logic Flaw
2019-04-20 00:29:00
github
github
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
2019-04-26 16:29:11
eZ Platform Bundled jQuery affected by CVE-2019-11358
2024-05-15 21:08:41
drupal
drupal
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-006
2019-04-17 00:00:00
debiancve
debiancve
CVE-2019-11358
2019-04-20 00:29:00
hackerone
hackerone
cvelist
cvelist
CVE-2019-11358
2019-04-19 00:00:00
friendsofphp
friendsofphp
EZSA-2019-005 Bundled jQuery affected by CVE-2019-11358
2019-07-04 12:28:00
ubuntucve
ubuntucve
CVE-2019-11358
2019-04-20 00:00:00
joomla
joomla
[20190403] - Core - Object.prototype pollution in JQuery $.extend
2019-03-25 00:00:00
redhatcve
redhatcve
CVE-2019-11358
2021-07-18 00:15:31
cve
cve
CVE-2019-11358
2019-04-20 00:29:00
CVE-2019-5428
2019-04-22 21:29:00
freebsd
freebsd
Django -- AdminURLFieldWidget XSS
2019-06-03 00:00:00
mediawiki -- multiple vulnerabilities
2019-04-23 00:00:00
archlinux
archlinux
[ASA-201906-2] python-django: cross-site scripting
2019-06-04 00:00:00
cnvd
cnvd
Silverstripe framework cross-site scripting vulnerability
2022-11-23 00:00:00
oraclelinux
oraclelinux
pcs security update
2022-11-03 00:00:00
ipa security, bug fix, and enhancement update
2020-10-06 00:00:00
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-10 00:00:00
attackerkb
attackerkb
CVE-2019-11358
2019-04-20 00:00:00
rocky
rocky
pcs security, bug fix, and enhancement update
2021-11-09 08:21:49
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
altlinux
altlinux
Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1
2020-10-21 00:00:00
Security fix for the ALT Linux 9 package mediawiki version 1.32.2-alt1
2019-06-13 00:00:00
suse
suse
Security update for python-Django (moderate)
2019-08-08 00:00:00
Security update for python-Django (moderate)
2019-08-14 00:00:00
almalinux
almalinux
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
centos
centos
ipa, python2 security update
2020-10-20 18:15:27
mageia
mageia
Updated mediawiki packages fix security vulnerabilities
2019-09-15 17:45:31
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.024
Percentile
90.2%
Related for RUBY:JQUERY-RAILS-2019-11358