Lucene search
GitHub Advisory DatabaseGHSA-WV67-Q8RR-GRJPHistoryApr 23, 2019 - 3:59 p.m.
Duplicate Advisory: Prototype Pollution in jquery
2019-04-2315:59:10
GitHub Advisory Database
github.com
464
0.002 Low
EPSS
Percentile
64.4%
Duplicate Advisory
This advisory is a duplicate of GHSA-6c3j-c64m-qhgq. This link is maintained to preserve external references.
Original Description
Versions of jquery prior to 3.4.0 are vulnerable to Prototype Pollution. The extend() method allows an attacker to modify the prototype for Object causing changes in properties that will exist on all objects.
Recommendation
Upgrade to version 3.4.0 or later.
Affected configurations
Node
jqueryjqueryRange<3.4.0
ORorg.webjars.npm\Matchjquery
ORjqueryjqueryRange<3.4.0
ORjqueryjqueryRange<3.4.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| jquery-rails | lt | 3.4.0 | |
| org.webjars.npm:jquery | lt | 3.4.0 | |
| jquery | lt | 3.4.0 | |
| jquery | lt | 3.4.0 |
Related
ibm
ibm
cvelist
cvelist
CVE-2019-5428
2019-04-22 20:41:25
nodejs
nodejs
Prototype Pollution
2019-04-02 21:06:11
cve
cve
CVE-2019-5428
2019-04-22 21:29:00
openvas
openvas
jQuery < 3.4.0 Object Extensions Vulnerability
2019-04-25 00:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Jquery
2019-03-30 10:03:36
Exploit for Cross-site Scripting in Jquery
2020-04-14 19:12:01
nvd
nvd
CVE-2019-5428
2019-04-22 21:29:00
kitploit
kitploit
oracle
oracle
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00