3 matches found
AZL-50073 CVE-2024-47764 affecting package js-jquery 3.5.0-4
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...
AZL-44085 CVE-2020-28500 affecting package js-jquery 3.5.0-4
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service ReDoS via the toNumber, trim and trimEnd functions...
AZL-44634 CVE-2019-10744 affecting package js-jquery 3.5.0-4
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...