Security Advisory

CVE-2019-11358

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-04-19 00:00:00

Last updated 2024-11-15 15:11:23

Assigner mitre

State PUBLISHED

Description

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

← Browse all CVEs View on cve.org ↗