DEBIAN-CVE-2019-11358
PUBLISHED
CVSS 6.1 MEDIUM
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Risk Scores
CVSS 3.1
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | node-jquery | 0, 0, 0 |
| Debian:13 | mediawiki | 0, 0, 0 |
| Debian:14 | node-jquery | 0, 0, 0 |
| Debian:12 | node-jquery | 0, 0, 0 |
| Debian:14 | mediawiki | 0, 0, 0 |
| Debian:11 | mediawiki | 0, 0, 0 |
| Debian:11 | otrs2 | *, 2.2.4-1, * |
| Debian:11 | node-jquery | 0, 0, 0 |
| Debian:12 | mediawiki | 0, 0, 0 |
Exploit Intelligence
- ossf-cve-benchmark/CVE-2019-11358 (github-poc-repo)
- Vulnearability Report of the New Jersey official site (github-poc-repo)
- patches for SNYK-JS-JQUERY-174006, CVE-2019-11358, CVE-2019-5428 (github-poc-repo)
- isacaya/CVE-2019-11358 (github-poc-repo)
- patches for SNYK-JS-JQUERY-565129, SNYK-JS-JQUERY-567880, CVE-2020-1102, CVE-2020-11023, includes the patches for SNYK-JS-JQUERY-174006, CVE-2019-11358, CVE-2019-5428 (github-poc-repo)
- Public FTC SDK for the SKYSTONE (2019-2020) competition season (github-poc-repo)
- isacaya/CVE-2019-11358 (github-poc)
- Vulnearability Report of the New Jersey official site (github-poc)
- Public FTC SDK for the SKYSTONE (2019-2020) competition season (github-poc)
- patches for SNYK-JS-JQUERY-565129, SNYK-JS-JQUERY-567880, CVE-2020-1102, CVE-2020-11023, includes the patches for SNYK-JS-JQUERY-174006, CVE-2019-11358, CVE-2019-5428 (github-poc)
…and 10 more exploits
Timeline
- Apr 20, 2019 CVE Published
- Apr 28, 2026 CVE Updated