[RUBYSEC:JQUERY-RAILS-2019-11358] Prototype pollution attack through jQuery $.extend
Severity: Medium
Affected Packages: 1
Fixed Packages: 1
CVEs: 1
jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native Object.prototype.
Package | Affected Version |
---|---|
pkg:gem/jquery-rails | < 4.3.4 |

Package | Fixed Version |
---|---|
pkg:gem/jquery-rails | >= 4.3.4 |
- ID: RUBYSEC:JQUERY-RAILS-2019-11358
- Severity: medium
- URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
- Published: 2019-04-19T00:00:00
- Modified: 2023-06-03T14:31:20
- Rights: RubySec Security Team
- Other Advisories:
- ALAS2-2020-1519
- ALAS2-2023-1905
- ALPINE:CVE-2019-11358
- ALSA-2020:4670
- ALSA-2020:4847
- ASA-201906-2
- DSA-4434-1
- DSA-4460-1
- ELSA-2020-3936
- ELSA-2022-7343
- FEDORA-2019-040857fd75
- FEDORA-2019-1a3edd7e8a
- FEDORA-2019-2a0ce0c58c
- FEDORA-2019-41d6ffd6f0
- FEDORA-2019-5f1a2cc839
- FEDORA-2019-7eaf0bbe7c
- FEDORA-2019-84a50e34a9
- FEDORA-2019-a06dffab1c
- FEDORA-2019-eba8e44ee6
- FEDORA-2019-f563e66380
- FREEBSD:3C5A4FE0-9EBB-11E9-9169-FCAA147E860E
- FREEBSD:FFC73E87-87F0-11E9-AD56-FCAA147E860E
- MAVEN:GHSA-6C3J-C64M-QHGQ
- NPM:GHSA-6C3J-C64M-QHGQ
- openSUSE-SU-2019:1839-1
- openSUSE-SU-2019:1872-1
- RHSA-2020:3936
- RHSA-2020:4670
- RHSA-2020:4847
- RHSA-2021:4142
- RHSA-2022:7343
- RLSA-2020:4670
- RLSA-2020:4847
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Fixed | pkg:gem/jquery-rails | | jquery-rails | >= 4.3.4 | | | |
Affected | pkg:gem/jquery-rails | | jquery-rails | < 4.3.4 | | | |