Oxygen-SA-19-01 jQuery 3.1.1

Severity: Low2019-10-29 17:48:14

Abstract

CVE-2019-11358 allow intruders to extend the native Object.prototype when an unsanitized source object contained an enumerable __proto__ property.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen XML EditorLowResolved
Oxygen XML DeveloperLowResolved
Oxygen XML AuthorLowResolved
Oxygen WebHelpLowResolved

Mitigation

None

Detail

CVE-2019-11358

Severity: Low

CVSS Score: 4.3

jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Reference

CVE-2019-11358

Revision History

This issue was identified and responsibly reported by Stefan Vasile

If you require further assistance, or if you have any further questions regarding this security notice, please contact

Video Tutorials
Upcoming Events
webinar
Engage everyone in the technical documentation process - presented by Bogdan Dumitru
Wed, January 27, 2021

Products

Features

Shop

Resources

Support

Company

© 2002-2021 SyncRO Soft SRL. All rights reserved.

This website was created & generated with <oXygen/>®XML Editor