Oxygen-SA-19-01 jQuery 3.1.1

Severity: Low2019-10-29 17:48:14

Security Advisories

Abstract

CVE-2019-11358 allow intruders to extend the native Object.prototype when an unsanitized source object contained an enumerable __proto__ property.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen XML EditorLowResolved
Oxygen XML DeveloperLowResolved
Oxygen XML AuthorLowResolved
Oxygen WebHelpLowResolved

Mitigation

None

Detail

CVE-2019-11358

Severity: Low

CVSS Score: 4.3

jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Reference

CVE-2019-11358

Revision History

This issue was identified and responsibly reported by Stefan Vasile

If you require further assistance, or if you have any further questions regarding this security notice, please contact

List of Security Advisories

Video Tutorials
Upcoming Events
webinar
What's New in Oxygen XML 28 - Overview and Panel Discussion
December 10, 2025

Products

Features

Shop

Resources

Support

Company

© 2002-2025 SyncRO Soft SRL. All rights reserved.

This website was created & generated with <oXygen/>®XML Editor