You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to vulnerable library: /node_modules/verdaccio/docker-examples/v4/multi-registry-uplink/server2/storage/jquery/jquery-3.3.1.tgz,/node_modules/verdaccio/docker-examples/v4/multi-registry-uplink/server1/storage/jquery/jquery-3.3.1.tgz
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
mend-bolt-for-githubbot
changed the title
CVE-2019-11358 (Medium) detected in jquery-3.3.1.tgz
CVE-2019-11358 (Medium) detected in jquery-3.3.1.tgz - autoclosed
Jun 15, 2022
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
CVE-2019-11358 - Medium Severity Vulnerability
JavaScript library for DOM operations
Library home page: https://registry.npmjs.org/jquery/-/jquery-3.3.1.tgz
Path to vulnerable library: /node_modules/verdaccio/docker-examples/v4/multi-registry-uplink/server2/storage/jquery/jquery-3.3.1.tgz,/node_modules/verdaccio/docker-examples/v4/multi-registry-uplink/server1/storage/jquery/jquery-3.3.1.tgz
Dependency Hierarchy:
Found in HEAD commit: 3339b0ce4dc0bccc3d3c2a6113bb3f40e91a5b27
Found in base branch: master
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: 3.4.0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: