Oxygen-SA-19-01 jQuery 3.1.1
Severity: Low
2019-10-29 17:48:14
Abstract
CVE-2019-11358 allows intruders to extend the native Object.prototype when an unsanitized source object contains an enumerable __proto__ property.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen XML Editor | Low | Resolved |
Oxygen XML Developer | Low | Resolved |
Oxygen XML Author | Low | Resolved |
Oxygen WebHelp | Low | Resolved |
Mitigation
None
Detail
CVE-2019-11358
Severity: Low
CVSS Score: 4.3
jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
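The mechanism described above, as an added example that is not Oxygen's or jQuery's code: `deepMerge` is a simplified stand-in for a recursive `jQuery.extend(true, {}, ...)`, run with and without a guard that skips the `__proto__` key. The function names, the `polluted` property and the input string are constructed for illustration.

```javascript
// Added example: simplified stand-in for a recursive merge, not jQuery's source.
// CONSTRUCTED_INPUT and the "polluted" property are made up for illustration.
const CONSTRUCTED_INPUT =
  '{"theme":{"color":"blue"},"__proto__":{"polluted":true}}';

function deepMerge(target, source, skipProto) {
  for (const name in source) {
    // Hardened variant: never copy a "__proto__" key from the source.
    if (skipProto && name === "__proto__") continue;
    const copy = source[name];
    if (copy !== null && typeof copy === "object") {
      // Without the guard, target["__proto__"] reads the prototype itself,
      // so the recursion below writes into Object.prototype.
      const existing = target[name];
      const base =
        existing !== null && typeof existing === "object" ? existing : {};
      target[name] = deepMerge(base, copy, skipProto);
    } else if (copy !== undefined) {
      target[name] = copy;
    }
  }
  return target;
}

function mergeUntrusted(json, skipProto) {
  // JSON.parse creates "__proto__" as an own, enumerable property.
  const source = JSON.parse(json);
  const merged = deepMerge({}, source, skipProto);
  // Check a fresh object that was never passed to the merge.
  const polluted = ({}).polluted === true;
  delete Object.prototype.polluted; // reset so each call is independent
  return { merged, polluted };
}

console.log("unguarded merge pollutes:",
  mergeUntrusted(CONSTRUCTED_INPUT, false).polluted);
console.log("guarded merge pollutes:  ",
  mergeUntrusted(CONSTRUCTED_INPUT, true).polluted);
```

The guarded run still merges the legitimate `theme` key; only the `__proto__` key from the untrusted source is dropped.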
Reference
Revision History
This issue was identified and responsibly reported by Stefan Vasile.
If you require further assistance, or if you have any further questions regarding this security notice, please contact