CVE-2019-11358

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-11358

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11358.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-11358

Aliases

GHSA-6c3j-c64m-qhgq
SNYK-JS-JQUERY-174006

Related

Published

2019-04-20T00:29:00Z

Modified

2024-09-11T04:29:14.369116Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

References

Affected packages

Debian:11 / mediawiki

Package

Name: mediawiki
Purl: pkg:deb/debian/mediawiki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.31.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / mediawiki

Package

Name: mediawiki
Purl: pkg:deb/debian/mediawiki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.31.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / mediawiki

Package

Name: mediawiki
Purl: pkg:deb/debian/mediawiki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.31.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / node-jquery

Package

Name: node-jquery
Purl: pkg:deb/debian/node-jquery?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.4+dfsg-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / node-jquery

Package

Name: node-jquery
Purl: pkg:deb/debian/node-jquery?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.4+dfsg-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / node-jquery

Package

Name: node-jquery
Purl: pkg:deb/debian/node-jquery?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.4+dfsg-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / otrs2

Package

Name: otrs2
Purl: pkg:deb/debian/otrs2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.26-1

Affected versions

2.*

2.0.4p01-6

2.0.4p01-7

2.0.4p01-8

2.0.4p01-9

2.0.4p01-10

2.0.4p01-11

2.0.4p01-12

2.0.4p01-13

2.0.4p01-14

2.0.4p01-14.1

2.0.4p01-15

2.0.4p01-16

2.0.4p01-17

2.0.4p01-18

2.0.99beta1-1

2.0.99beta1-2

2.1.1-1

2.1.3-1

2.1.4-1

2.1.4-2

2.1.5-1

2.1.5-2

2.1.5-3

2.1.6-1

2.1.7-1

2.1.7-2

2.2.0~beta2-1

2.2.0~beta3-1

2.2.1-1

2.2.2-1

2.2.3-1

2.2.4-1

2.2.5-1

2.2.5-2

2.2.6-1

2.2.7-1

2.2.7-2

2.2.7-2lenny1

2.2.7-2lenny2

2.2.7-2lenny3

2.2.7-3

2.3.2-1

2.3.2-2

2.3.3-1

2.3.4-1

2.3.4-2

2.3.4-3

2.3.4-4

2.3.4-5

2.3.4-6

2.3.4-7

2.4.5-1

2.4.5-2

2.4.5-3

2.4.5-4

2.4.5-5

2.4.6-1

2.4.6-2

2.4.7-1

2.4.7-2

2.4.7-3

2.4.7-4

2.4.7-5

2.4.7-6

2.4.7+dfsg1-1

2.4.8+dfsg1-1

2.4.9+dfsg1-1

2.4.9+dfsg1-2

2.4.9+dfsg1-3

2.4.9+dfsg1-3+squeeze1

2.4.9+dfsg1-3+squeeze3

2.4.9+dfsg1-3+squeeze4

2.4.9+dfsg1-3+squeeze5

2.4.9+dfsg1-4

2.4.9+dfsg1-5

2.4.10+dfsg1-1

2.4.10+dfsg1-2

2.4.10+dfsg1-3

3.*

3.0.8+dfsg1-1

3.0.9+dfsg1-1

3.0.10+dfsg1-1

3.0.10+dfsg1-2

3.0.11+dfsg1-1

3.1.0~beta4+dfsg1-1

3.1.0~beta5+dfsg1-1

3.1.0~rc1+dfsg1-1

3.1.1+dfsg1-1

3.1.1+dfsg1-2

3.1.2+dfsg1-1

3.1.2+dfsg1-2

3.1.2+dfsg1-3

3.1.3+dfsg1-1

3.1.3+dfsg1-2

3.1.4+dfsg1-1

3.1.5+dfsg1-1

3.1.5+dfsg1-2

3.1.5+dfsg1-3

3.1.6+dfsg1-1

3.1.7+dfsg1-1

3.1.7+dfsg1-2

3.1.7+dfsg1-3

3.1.7+dfsg1-4

3.1.7+dfsg1-5

3.1.7+dfsg1-6

3.1.7+dfsg1-7

3.1.7+dfsg1-8

3.1.8+dfsg1-1

3.1.9+dfsg1-1

3.1.10+dfsg1-1

3.1.11+dfsg1-1

3.1.12+dfsg1-1

3.1.12+dfsg1-2

3.1.12+dfsg1-3

3.2.1+dfsg1-1

3.2.2+dfsg1-1

3.2.3+dfsg1-1

3.2.4-1

3.2.5-1

3.2.6-1

3.2.6-2

3.2.7-1

3.2.7-2

3.2.8-1

3.2.9-1

3.2.9-2

3.2.10-1

3.2.10-2

3.2.11-1~bpo70+1

3.2.11-1

3.2.12-1

3.3.1-1

3.3.2-1

3.3.3-1

3.3.3-2

3.3.3-3

3.3.4-1

3.3.5-1

3.3.6-1

3.3.7-1

3.3.7-2

3.3.8-1

3.3.9-1

3.3.9-2

3.3.9-3~bpo70+1

3.3.9-3

3.3.10-1

3.3.11-1

3.3.18-1~deb7u1

3.3.18-1~deb7u2

3.3.18-1~deb7u3

4.*

4.0.5-1

4.0.5-2

4.0.6-1

4.0.7-1

4.0.7-2

4.0.8-1

4.0.9-1

4.0.10-1

4.0.11-1

4.0.12-1

4.0.13-1~bpo8+1

4.0.13-1

5.*

5.0.1-1

5.0.1-2

5.0.2-1

5.0.3-1

5.0.5-1

5.0.6-1~bpo8+1

5.0.6-1

5.0.7-1

5.0.8-1~bpo8+1

5.0.8-1

5.0.8+dfsg1-1

5.0.9+dfsg1-1

5.0.9+repack1-1

5.0.10-1~bpo8+1

5.0.10-1

5.0.11-1

5.0.12-1

5.0.13-1~bpo8+1

5.0.13-1

5.0.13-2

5.0.14-1~bpo8+1

5.0.14-1

5.0.15-1

5.0.16-1~bpo8+1

5.0.16-1

5.0.17-1

5.0.18-1

5.0.19-1

5.0.20-1

5.0.21-1~bpo9+1

5.0.21-1

5.0.22-1

5.0.23-1~bpo9+1

5.0.23-1

5.0.24-1~bpo9+1

5.0.24-1

6.*

6.0.1-1

6.0.2-1

6.0.3-1

6.0.4-1

6.0.5-1

6.0.6-1

6.0.7-1

6.0.8-1~bpo9+1

6.0.8-1

6.0.9-1~bpo9+1

6.0.9-1

6.0.10-1

6.0.11-1~bpo9+1

6.0.11-1

6.0.12-1~bpo9+1

6.0.12-1

6.0.13-1

6.0.14-1

6.0.15-1

6.0.16-1

6.0.16-2

6.0.17-1

6.0.18-1

6.0.19-1

6.0.20-1~bpo10+1

6.0.20-1

6.0.21-1

6.0.22-1

6.0.23-1

6.0.23-2

6.0.24-1~bpo10+1

6.0.24-1

6.0.25-1

6.0.25-2

6.0.25-3~bpo10+1

6.0.25-3

6.0.26-1~bpo10+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/backdrop/backdrop

Affected ranges

Type: GIT
Repo: https://github.com/backdrop/backdrop
Events: Introduced

963141d57d9ba861216fa85bf8a135f65d2c06be

Fixed

17198299114cf7c5c88a1bdf597a74734751687d

Type: GIT
Repo: https://github.com/drupal/drupal
Events: Introduced

497914920385b7016ac9c9367e0198530787adf2

Fixed

9735baff3afe061f98e568c1d1f83d56f3a0212a

Type: GIT
Repo: https://github.com/joomla/joomla-cms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

390dfb708b0b92a79b90ba92c80b97986ac9f1f9

Type: GIT
Repo: https://github.com/jquery/jquery
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

753d591aea698e57d6db58c9f722cd0808619b1b

Affected versions

1.*

1.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0a

1.1

1.1.1

1.1.2

1.1.3

1.1.3.1

1.1.3a

1.1.4

1.11.0

1.11.1

1.11.2

1.11.3

1.11.4

1.11.5

1.11.6

1.11.7

1.11.8

1.1a

1.1b

1.2

1.2.1

1.2.2

1.2.2b

1.2.2b2

1.2.3a

1.2.3b

1.2.4

1.2.4a

1.2.4b

1.2.5

1.3.1rc1

1.3b1

1.3b2

1.3rc1

1.4.3rc1

1.4.3rc2

1.4.4rc1

1.4.4rc2

1.4.4rc3

1.4a1

1.4a2

1.4rc1

1.5.1rc1

1.5.2rc1

1.5b1

1.5rc1

1.6.1rc1

1.6.2rc1

1.6.3rc1

1.6.4rc1

1.6b1

1.6rc1

1.7.1rc1

1.7.2b1

1.7.2rc1

1.7.3

1.7b1

1.7b2

1.7rc1

1.8b1

1.8b2

1.8rc1

1.9.0b1

2.*

2.0.0-beta3

2.0.0b1

2.0.0b2

2.1.0-beta1

2.5.0

2.5.0_RC1

2.5.0_beta1

2.5.0_beta2

2.5.1

2.5.2

2.5.3

2.5.4

2.5.5

2.5.6

Other

3.*

3.0.0

3.0.0_alpha-1

3.0.0_alpha-2

3.0.0_beta1

3.0.1

3.0.3

3.1.0_beta1

3.1.0_beta2

3.1.0_beta3

3.1.0_beta4

3.1.0_beta5

3.1.1

3.1.5

3.2.0

3.2.0.alpha

3.2.0.beta

3.2.0.rc

3.2.1

3.2.2

3.2.3

3.2.4

3.3.0

3.3.0.beta

3.3.0.beta2

3.3.0.rc

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

3.4.0-beta1

3.4.0-beta2

3.4.0-beta3

3.4.0-rc

7.*

7.0

7.1

7.10

7.11

7.12

7.13

7.14

7.15

7.16

7.17

7.18

7.19

7.2

7.20

7.21

7.22

7.23

7.24

7.25

7.26

7.27

7.28

7.29

7.3

7.30

7.31

7.32

7.33

7.34

7.35

7.36

7.37

7.38

7.39

7.4

7.40

7.41

7.42

7.43

7.44

7.5

7.50

7.51

7.52

7.53

7.54

7.55

7.56

7.57

7.58

7.59

7.6

7.60

7.61

7.62

7.63

7.64

7.65

7.7

7.8

7.9