Sha256: 34e6b781f547862e1b097cb9fd250d49ba23f4ec8fb90e89cb7104d282a9dfb3

Contents?: true

Size: 763 Bytes

Versions: 1

Compression:

Stored size: 763 Bytes

Contents

---
gem: jquery-rails
framework: rails
cve: 2019-11358
date: 2019-04-19
url: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
title: Prototype pollution attack through jQuery $.extend
description: |
  jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of
  Object.prototype pollution. If an unsanitized source object contained an
  enumerable __proto__ property, it could extend the native Object.prototype.

cvss_v2: 4.3
cvss_v3: 6.1

patched_versions:
  - ">= 4.3.4"

related:
  url:
    - https://hackerone.com/reports/454365
    - https://github.com/jquery/jquery/pull/4333
    - https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
    - https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434

Version data entries

1 entry across 1 version & 1 rubygem

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/jquery-rails/CVE-2019-11358.yml