
2426 matches found

vulnersOsv
added 2019/04/26 4:29 p.m., 0 views

000demo (>=1.0.0 <=1.1.0), 03-npm-abc (>=1.0.0 <=1.1.0) +5145 more potentially affected by CVE-2019-11358 via jquery (>=1.5.1 <=3.3.1)

jquery NPM version =1.5.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.2.1, =0.1.75, =0.3.0, =4.13.7-rc4, =1.0.0-beta.4, =1.1.7, =1.1.8 - @activix/bootstrap-daterangepicker =1.3.24 and more Source cves: CVE-2019-11358 Source advisory: OSV:GHSA-6C3J-C64M-QHGQ...

CVSS 6.1, AI score 6.8, EPSS 0.01319
Exploits: 4

Tenable Nessus
added 2019/04/25 12:0 a.m., 32 views

FreeBSD : drupal -- Drupal core - Moderately critical (2bad8b5d-66fb-11e9-9815-78acc0a3b880)

Drupal Security Team reports : CVE-2019-10909: Escape validation messages in the PHP templating engine. CVE-2019-10910: Check service IDs are valid. CVE-2019-10911: Add a separator in the remember me cookie hash. jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extendtru...

CVSS 9.8, AI score 7.6, EPSS 0.11901
Exploits: 1, References: 6

Tenable Nessus
added 2019/04/25 12:0 a.m., 70 views

jQuery < 3.4.0 Prototype Pollution

According to its self-reported version number, jQuery is prior to 3.4.0. Therefore, it may be affected by a prototype pollution vulnerability due to the 'extend' function, which can be tricked into modifying the prototype of 'Object'. Note that the scanner has not tested for these issues but has instea...

CVSS 6.1, AI score 6.4, EPSS 0.01319
Exploits: 4, References: 4

OpenVAS
added 2019/04/25 12:0 a.m., 481 views

jQuery < 3.4.0 Object Extensions Vulnerability

jQuery is prone to multiple vulnerabilities regarding property injection in Object.prototype. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...

CVSS 6.1, AI score 7.3, EPSS 0.01319
Exploits: 4, References: 2

OpenVAS
added 2019/04/24 12:0 a.m., 54 views

Drupal jQuery XSS Vulnerability (SA-CORE-2019-006) - Windows

Drupal is prone to a cross-site scripting vulnerability in jQuery. CPE = "cpe:/a:drupal:drupal"...

CVSS 6.1, AI score 6.5, EPSS 0.01319
Exploits: 4, References: 1

OpenVAS
added 2019/04/24 12:0 a.m., 66 views

Drupal jQuery XSS Vulnerability (SA-CORE-2019-006) - Linux

Drupal is prone to a cross-site scripting vulnerability in jQuery. CPE = "cpe:/a:drupal:drupal"...

CVSS 6.1, AI score 6.5, EPSS 0.01319
Exploits: 4, References: 1

OSV
added 2019/04/23 3:59 p.m., 8 views

GHSA-WV67-Q8RR-GRJP Duplicate Advisory: Prototype Pollution in jquery

Duplicate Advisory: This advisory is a duplicate of GHSA-6c3j-c64m-qhgq. This link is maintained to preserve external references. Original Description: Versions of jquery prior to 3.4.0 are vulnerable to Prototype Pollution. The extend method allows an attacker to modify the prototype for Object...

AI score 6.5
Exploits: 3, References: 5

Github Security Blog
added 2019/04/23 3:59 p.m., 610 views

Duplicate Advisory: Prototype Pollution in jquery

Duplicate Advisory: This advisory is a duplicate of GHSA-6c3j-c64m-qhgq. This link is maintained to preserve external references. Original Description: Versions of jquery prior to 3.4.0 are vulnerable to Prototype Pollution. The extend method allows an attacker to modify the prototype for Object...

AI score 3.9
Exploits: 3, References: 6, Affected Software: 3

BDU FSTEC
added 2019/04/23 12:0 a.m., 2 views

The vulnerability of the jQuery.extend() function in the jQuery library allows a hacker to trigger a denial-of-service attack, execute arbitrary JavaScript code, or enhance their privileges.

The vulnerability of the jQuery.extend function in the jQuery library is related to the lack of restrictions on changes to the “__proto__” property when performing the extend operation. Exploiting this vulnerability can allow a malicious actor to cause service failures, execute arbitrary JavaScript...

CVSS 8.1, AI score 7.1, EPSS 0.01319
Exploits: 4, References: 21, Affected Software: 65

FreeBSD
added 2019/04/23 12:0 a.m., 66 views

mediawiki -- multiple vulnerabilities

Mediawiki reports: Security fixes: T197279, CVE-2019-12468: Directly POSTing to Special:ChangeEmail would allow for bypassing reauthentication, allowing for potential account takeover. T204729, CVE-2019-12473: Passing invalid titles to the API could cause a DoS by querying the entire watchlist...

CVSS 9.8, AI score 1.5, EPSS 0.01319
Exploits: 4, References: 1

Veracode
added 2019/04/22 3:41 a.m., 134 views

Prototype Pollution

jquery is vulnerable to prototype pollution attacks. The vulnerability exists as it is possible to overwrite Object.prototype with arbitrary object properties...

CVSS 6.1, AI score 7.3, EPSS 0.01319
Exploits: 4, References: 97, Affected Software: 44

CNVD
added 2019/04/22 12:0 a.m., 3 views

jQuery cross-site scripting vulnerability (CNVD-2019-11839)

jQuery is an open-source, cross-browser JavaScript library developed by the American programmer John Resig. The library simplifies the operation between HTML and JavaScript, and has modular, plug-in extension and other features. A cross-site scripting vulnerability exists in versions of...

CVSS 6.1, AI score 6.4, EPSS 0.01319
Exploits: 4, References: 1

UbuntuCve
added 2019/04/20 12:29 a.m., 332 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype...

CVSS 6.1, AI score 6.8, EPSS 0.01319
Exploits: 4, References: 8

OSV
added 2019/04/20 12:29 a.m., 2 views

UBUNTU-CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype...

CVSS 6.1, AI score 6.8, EPSS 0.01319
Exploits: 4, References: 9

OSV
added 2019/04/20 12:29 a.m., 0 views

AZL-41809 CVE-2019-11358 affecting package m2crypto for versions less than 0.38.0-4

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype...

CVSS 6.1, AI score 6.7, EPSS 0.01319
Exploits: 4, References: 1

OSV
added 2019/04/20 12:29 a.m., 42 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype...

CVSS 6.1, AI score 6.4, EPSS 0.01319
Exploits: 4, References: 73

Prion
added 2019/04/20 12:29 a.m., 34 views

Design/Logic Flaw

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype...

CVSS 4.3, AI score 7.4, EPSS 0.01319
Exploits: 4, References: 73, Affected Software: 104

OSV
added 2019/04/20 12:29 a.m., 4 views

AZL-38200 CVE-2019-11358 affecting package orangefs for versions less than 2.9.7-7

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype...

CVSS 6.1, AI score 6.7, EPSS 0.01319
Exploits: 4, References: 1

OSV
added 2019/04/20 12:29 a.m., 2 views

AZL-44586 CVE-2019-11358 affecting package python-openstackdocstheme 3.0.0-9

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype...

CVSS 6.1, AI score 6.7, EPSS 0.01319
Exploits: 4, References: 1

NVD
added 2019/04/20 12:29 a.m., 37 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype...

CVSS 6.1, AI score 6.8, EPSS 0.01319
Exploits: 4, References: 73