CVE-2019-11358: XSS
Published Mar 27, 2019
·Updated
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.
Other sources
jQuery before 3.4.0 as used in Drupal Backdrop CMS and other products mishandles jQuery.extend(true {} ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property it could extend the native Object.prototype.
— Microsoft
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
jQuery from 1.1.4 until 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
— GitHub
jquery is a JavaScript library. It makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers. Affected versions of this package are vulnerable to Prototype Pollution. The extend function can be tricked into modifying the prototype of Object when the attacker controls part of the structure passed to this function. This can let an attacker add or modify an existing property that will then exist on all objects. Remediation A fix was pushed into the master branch but not yet published.
Upstream patch:
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b https://github.com/jquery/jquery/pull/4333/commits/5a853bce2d047115ef6d2b8a7e8b18a7df126ec8 https://github.com/DanielRuf/snyk-js-jquery-174006?files=1
Upstream pull request:
https://github.com/jquery/jquery/pull/4333
References:
https://snyk.io/vuln/SNYK-JS-JQUERY-174006 https://snyk.io/blog/after-three-years-of-silence-a-new-jquery-prototype-pollution-vulnerability-emerges-once-again/ https://www.zdnet.com/article/popular-jquery-javascript-library-impacted-by-prototype-pollution-flaw/ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927385 https://hackerone.com/reports/454365
External References:
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://www.drupal.org/sa-core-2019-006
— Red Hat
jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
— IBM
Affected Software
295 affected componentsFixes available
redhat/ansible-tower<0:3.5.2-1.el7a
0:3.5.2-1.el7a
redhat/cfme<0:5.10.9.1-1.el7cf
0:5.10.9.1-1.el7cf
redhat/cfme-amazon-smartstate<0:5.10.9.1-1.el7cf
0:5.10.9.1-1.el7cf
redhat/cfme-appliance<0:5.10.9.1-1.el7cf
0:5.10.9.1-1.el7cf
redhat/cfme-gemset<0:5.10.9.1-1.el7cf
0:5.10.9.1-1.el7cf
redhat/ovirt-ansible-hosted-engine-setup<0:1.0.23-1.el7e
0:1.0.23-1.el7e
redhat/ovirt-ansible-roles<0:1.1.7-1.el7e
0:1.1.7-1.el7e
redhat/ovirt-ansible-vm-infra<0:1.1.19-1.el7e
0:1.1.19-1.el7e
redhat/v2v-conversion-host<0:1.14.2-1.el7e
0:1.14.2-1.el7e
redhat/ipa<0:4.6.8-5.el7
0:4.6.8-5.el7
redhat/pcs<0:0.9.169-3.el7_9.3
0:0.9.169-3.el7_9.3
redhat/pcs<0:0.10.10-4.el8
0:0.10.10-4.el8
redhat/eap7-hal-console<0:3.3.16-1.Final_redhat_00001.1.el8ea
0:3.3.16-1.Final_redhat_00001.1.el8ea
redhat/eap7-hal-console<0:3.3.16-1.Final_redhat_00001.1.el9ea
0:3.3.16-1.Final_redhat_00001.1.el9ea
redhat/eap7-hal-console<0:3.3.16-1.Final_redhat_00001.1.el7ea
0:3.3.16-1.Final_redhat_00001.1.el7ea
redhat/atomic-enterprise-service-catalog<1:3.11.170-1.git.1.91db82e.el7
1:3.11.170-1.git.1.91db82e.el7
redhat/atomic-openshift<0:3.11.170-1.git.0.00cac56.el7
0:3.11.170-1.git.0.00cac56.el7
redhat/atomic-openshift-cluster-autoscaler<0:3.11.170-1.git.1.0a0df6a.el7
0:3.11.170-1.git.1.0a0df6a.el7
redhat/atomic-openshift-descheduler<0:3.11.170-1.git.1.9ad83f2.el7
0:3.11.170-1.git.1.9ad83f2.el7
redhat/atomic-openshift-dockerregistry<0:3.11.170-1.git.1.55fab05.el7
0:3.11.170-1.git.1.55fab05.el7
redhat/atomic-openshift-metrics-server<0:3.11.170-1.git.1.357f177.el7
0:3.11.170-1.git.1.357f177.el7
redhat/atomic-openshift-node-problem-detector<0:3.11.170-1.git.1.b1f90a6.el7
0:3.11.170-1.git.1.b1f90a6.el7
redhat/atomic-openshift-service-idler<0:3.11.170-1.git.1.8328979.el7
0:3.11.170-1.git.1.8328979.el7
redhat/atomic-openshift-web-console<0:3.11.170-1.git.1.3d64e8b.el7
0:3.11.170-1.git.1.3d64e8b.el7
redhat/cri-o<0:1.11.16-0.5.dev.rhaos3.11.git3f89eba.el7
0:1.11.16-0.5.dev.rhaos3.11.git3f89eba.el7
redhat/golang-github-openshift-oauth-proxy<0:3.11.170-1.git.1.b49be83.el7
0:3.11.170-1.git.1.b49be83.el7
redhat/golang-github-prometheus-alertmanager<0:3.11.170-1.git.1.61d7960.el7
0:3.11.170-1.git.1.61d7960.el7
redhat/golang-github-prometheus-prometheus<0:3.11.170-1.git.1.227bc98.el7
0:3.11.170-1.git.1.227bc98.el7
redhat/jenkins<0:2.204.2.1580891656-1.el7
0:2.204.2.1580891656-1.el7
redhat/jenkins<2-plugins-0:3.11.1579107288-1.el7
2-plugins-0:3.11.1579107288-1.el7
redhat/openshift-ansible<0:3.11.170-2.git.5.8802564.el7
0:3.11.170-2.git.5.8802564.el7
redhat/openshift-enterprise-autoheal<0:3.11.170-1.git.1.dfe6c52.el7
0:3.11.170-1.git.1.dfe6c52.el7
redhat/openshift-enterprise-cluster-capacity<0:3.11.170-1.git.1.661684b.el7
0:3.11.170-1.git.1.661684b.el7
redhat/openshift-kuryr<0:3.11.170-1.git.1.7265da1.el7
0:3.11.170-1.git.1.7265da1.el7
redhat/rh-sso7-keycloak<0:18.0.6-1.redhat_00001.1.el7
0:18.0.6-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:18.0.6-1.redhat_00001.1.el8
0:18.0.6-1.redhat_00001.1.el8
redhat/rh-sso7-keycloak<0:18.0.6-1.redhat_00001.1.el9
0:18.0.6-1.redhat_00001.1.el9
redhat/ovirt-engine-api-explorer<0:0.0.5-1.el7e
0:0.0.5-1.el7e
redhat/ovirt-engine-ui-extensions<0:1.0.10-1.el7e
0:1.0.10-1.el7e
redhat/ovirt-web-ui<0:1.6.0-1.el7e
0:1.6.0-1.el7e
debian/jquery<=3.1.1-2, <=3.3.1~dfsg-1
3.3.1~dfsg-23.1.1-2+deb9u1
composer/maximebf/debugbar<1.19.0
1.19.0
maven/org.webjars.npm:jquery>=1.1.4<3.4.0
3.4.0
nuget/jQuery>=1.1.4<3.4.0
3.4.0
npm/jquery>=1.1.4<3.4.0
3.4.0
pip/django>=2.2a1<2.2.2
2.2.2
pip/django>=2.0a1<2.1.9
2.1.9
rubygems/jquery-rails<4.3.4
4.3.4
jQuery JavaScript library=3.4.0
IBM ApplinX<=11.1
OSIsoft Applications using PI Asset Framework (AF) Client versions prior to and including PI AF Client 2018 SP3 Patch 1, Version 2.10.7.283
OSIsoft Applications using PI Software Development Kit (SDK) versions prior to and including PI SDK 2018 SP1, Version 1.4.7.602
OSIsoft PI API for Windows Integrated Security versions prior to and including 2.0.2.5,
OSIsoft PI API versions prior to and including 1.6.8.26
OSIsoft PI Buffer Subsystem versions prior to and including 4.8.0.18
OSIsoft PI Connector for BACnet, versions prior to and including 1.2.0.6
OSIsoft PI Connector for CygNet, versions prior to and including 1.4.0.17
OSIsoft PI Connector for DC Systems RTscada, versions prior to and including 1.2.0.42
OSIsoft PI Connector for Ethernet/IP, versions prior to and including 1.1.0.10
OSIsoft PI Connector for HART-IP, versions prior to and including 1.3.0.1
OSIsoft PI Connector for Ping, versions prior to and including 1.0.0.54
OSIsoft PI Connector for Wonderware Historian, versions prior to and including 1.5.0.88
OSIsoft PI Connector Relay, versions prior to and including 2.5.19.0
OSIsoft PI Data Archive versions prior to and including PI Data Archive 2018 SP3, Version 3.4.430.460
OSIsoft PI Data Collection Manager, versions prior to and including 2.5.19.0
OSIsoft PI Integrator for Business Analytics versions prior to and including 2018 R2 SP1, Version 2.2.0.183
OSIsoft PI Interface Configuration Utility (ICU) versions prior to and including 1.5.0.7
OSIsoft PI to OCS versions prior to and including 1.1.36.0
jQuery JQuery<3.4.0
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Drupal Drupal>=7.0<7.66
Drupal Drupal>=8.5.0<8.5.15
Drupal Drupal>=8.6.0<8.6.15
BackdropCMS Backdrop>=1.11.0<1.11.9
BackdropCMS Backdrop>=1.12.0<1.12.6
Fedoraproject Fedora=28
Fedoraproject Fedora=29
Fedoraproject Fedora=30
openSUSE Backports SLE=15.0-sp1
openSUSE Leap=15.1
NetApp OnCommand System Manager>=3.0<=3.1.3
NetApp Snapcenter
redhat Cloudforms=4.7
redhat Virtualization Manager=4.3
Oracle Agile Product Lifecycle Management for Process=6.1
Oracle Agile Product Lifecycle Management for Process=6.2.0.0
Oracle Agile Product Lifecycle Management for Process=6.2.1.0
Oracle Agile Product Lifecycle Management for Process=6.2.2.0
Oracle Agile Product Lifecycle Management for Process=6.2.3.0
Oracle Application Express<19.1
Oracle Application Service Level Management=13.2.0.0
Oracle Application Service Level Management=13.3.0.0
Oracle Application Testing Suite=12.5.0.3
Oracle Application Testing Suite=13.1.0.1
Oracle Application Testing Suite=13.2
Oracle Application Testing Suite=13.2.0.1
Oracle Application Testing Suite=13.3
Oracle Application Testing Suite=13.3.0.1
Oracle Banking Digital Experience=18.1
Oracle Banking Digital Experience=18.2
Oracle Banking Digital Experience=18.3
Oracle Banking Digital Experience=19.1
Oracle Banking Digital Experience=19.2
Oracle Banking Digital Experience=20.1
Oracle Banking Enterprise Collections>=2.7.0<=2.8.0
Oracle Banking Platform>=2.4.0<=2.10.0
Oracle BI Publisher=5.5.0.0.0
Oracle BI Publisher=12.2.1.3.0
Oracle BI Publisher=12.2.1.4.0
Oracle Big Data Discovery=1.6
Oracle Business Process Management Suite=12.2.1.3.0
Oracle Business Process Management Suite=12.2.1.4.0
Oracle Communications Analytics=12.1.1
Oracle Communications Application Session Controller=3.8m0
Oracle Communications Billing and Revenue Management=7.5
Oracle Communications Billing and Revenue Management=7.5.0.23.0
Oracle Communications Billing and Revenue Management=12.0
Oracle Communications Billing and Revenue Management=12.0.0.3.0
Oracle Communications Diameter Signaling Router=8.0.0
Oracle Communications Diameter Signaling Router=8.1
Oracle Communications Diameter Signaling Router=8.2
Oracle Communications Diameter Signaling Router=8.2.1
Oracle Communications EAGLE Application Processor>=16.1.0<=16.4.0
Oracle Communications Element Manager=8.1.1
Oracle Communications Element Manager=8.2.0
Oracle Communications Element Manager=8.2.1
Oracle Communications Interactive Session Recorder>=6.0<=6.4
Oracle Communications Operations Monitor>=4.1<=4.3
Oracle Communications Operations Monitor=3.4
Oracle Communications Operations Monitor=4.0
Oracle Communications Operations Monitor=4.1.0
Oracle Communications Services Gatekeeper=7.0
Oracle Communications Session Report Manager=8.1.1
Oracle Communications Session Report Manager=8.2.0
Oracle Communications Session Report Manager=8.2.1
Oracle Communications Session Route Manager=8.1.1
Oracle Communications Session Route Manager=8.2.0
Oracle Communications Session Route Manager=8.2.1
Oracle Communications Unified Inventory Management=7.3
Oracle Communications Unified Inventory Management=7.4.0
Oracle Communications WebRTC Session Controller=7.2
Oracle Diagnostic Assistant=2.12.36
Oracle Enterprise Manager Ops Center=12.3.3
Oracle Enterprise Manager Ops Center=12.4.0
Oracle Enterprise Manager Ops Center=12.4.0.0
Oracle Enterprise Session Border Controller=8.4
Oracle Financial Services Analytical Applications Infrastructure>=7.3.3<=7.3.5
Oracle Financial Services Analytical Applications Infrastructure>=8.0.2<=8.1.0
Oracle Financial Services Analytical Applications Reconciliation Framework>=8.0.4<=8.0.7
Oracle Financial Services Analytical Applications Reconciliation Framework=8.1.0
Oracle Financial Services Asset Liability Management>=8.0.4<=8.0.7
Oracle Financial Services Asset Liability Management=8.1.0
Oracle Financial Services Balance Sheet Planning=8.0.8
Oracle Financial Services Basel Regulatory Capital Basic>=8.0.4<=8.0.7
Oracle Financial Services Basel Regulatory Capital Basic=8.1.0
Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach>=8.0.4<=8.0.7
Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach=8.1.0
Oracle Financial Services Data Foundation>=8.0.4<=8.0.8
Oracle Financial Services Data Governance For Us Regulatory Reporting>=8.0.6<=8.0.9
Oracle Financial Services Data Integration Hub>=8.0.5<=8.0.7
Oracle Financial Services Data Integration Hub=8.1.0
Oracle Financial Services Enterprise Financial Performance Analytics=8.0.6
Oracle Financial Services Enterprise Financial Performance Analytics=8.0.7
Oracle Financial Services Funds Transfer Pricing>=8.0.4<=8.0.7
Oracle Financial Services Funds Transfer Pricing=8.1.0
Oracle Financial Services Hedge Management and IFRS Valuations>=8.0.4<=8.0.7
Oracle Financial Services Hedge Management and IFRS Valuations=8.1.0
Oracle Financial Services Institutional Performance Analytics>=8.0.4<=8.0.7
Oracle Financial Services Institutional Performance Analytics=8.1.0
Oracle Financial Services Liquidity Risk Management=8.0.0.1.0
Oracle Financial Services Liquidity Risk Management=8.0.2
Oracle Financial Services Liquidity Risk Management=8.0.4.0.0
Oracle Financial Services Liquidity Risk Management=8.0.5.0.0
Oracle Financial Services Liquidity Risk Management=8.0.6
Oracle Financial Services Liquidity Risk Measurement and Management=8.0.7
Oracle Financial Services Liquidity Risk Measurement and Management=8.0.8
Oracle Financial Services Liquidity Risk Measurement and Management=8.1.0
Oracle Financial Services Loan Loss Forecasting and Provisioning>=8.0.2<=8.0.7
Oracle Financial Services Loan Loss Forecasting and Provisioning=8.1.0
Oracle Financial Services Market Risk Measurement and Management=8.0.5
Oracle Financial Services Market Risk Measurement and Management=8.0.6
Oracle Financial Services Market Risk Measurement and Management=8.0.8
Oracle Financial Services Price Creation and Discovery>=8.0.4<=8.0.7
Oracle Financial Services Profitability Management>=8.0.4<=8.0.7
Oracle Financial Services Profitability Management=8.1.0
Oracle Financial Services Regulatory Reporting For De Nederlandsche Bank=8.0.4
Oracle Financial Services Regulatory Reporting For European Banking Authority=8.0.6
Oracle Financial Services Regulatory Reporting For European Banking Authority=8.0.7
Oracle Financial Services Regulatory Reporting For Us Federal Reserve>=8.0.4<=8.0.7
Oracle Financial Services Retail Customer Analytics>=8.0.4<=8.0.6
Oracle Financial Services Retail Performance Analytics=8.0.6
Oracle Financial Services Retail Performance Analytics=8.0.7
Oracle Financial Services Revenue Management and Billing=2.4.0.0
Oracle Financial Services Revenue Management and Billing=2.4.0.1
Oracle Fusion Middleware MapViewer=12.2.1.3.0
Oracle Healthcare Foundation=7.1.1
Oracle Healthcare Foundation=7.2.0
Oracle Healthcare Foundation=7.2.2
Oracle Healthcare Foundation=7.3.0
Oracle Healthcare Translational Research=3.1.0
Oracle Healthcare Translational Research=3.2.1
Oracle Healthcare Translational Research=3.3.1
Oracle Healthcare Translational Research=3.3.2
Oracle Healthcare Translational Research=3.4.0
Oracle Hospitality Guest Access=4.2.0
Oracle Hospitality Guest Access=4.2.1
Oracle Hospitality Materials Control=18.1
Oracle Hospitality Simphony>=19.1.0<=19.1.2
Oracle Hospitality Simphony=18.1
Oracle Hospitality Simphony=18.2
Oracle Identity Manager=12.2.1.3.0
Oracle Insurance Accounting Analyzer=8.0.9
Oracle Insurance Allocation Manager For Enterprise Profitability=8.0.8
Oracle Insurance Allocation Manager For Enterprise Profitability=8.1.0
Oracle Insurance Data Foundation>=8.0.4<=8.0.7
Oracle Insurance Ifrs 17 Analyzer=8.0.6
Oracle Insurance Ifrs 17 Analyzer=8.0.7
Oracle Insurance Insbridge Rating And Underwriting>=5.0.0.0<=5.6.0.0
Oracle Insurance Insbridge Rating And Underwriting=5.6.1.0
Oracle Insurance Performance Insight=8.0.7
Oracle JD Edwards EnterpriseOne Tools=9.2
Oracle JDeveloper=11.1.1.9.0
Oracle JDeveloper=12.2.1.3.0
Oracle JDeveloper=12.2.1.4.0
Oracle Jdeveloper And Adf=11.1.1.9.0
Oracle Jdeveloper And Adf=12.1.3.0.0
Oracle Jdeveloper And Adf=12.2.1.3.0
Oracle Knowledge>=8.6.0<=8.6.3
Oracle PeopleSoft Enterprise PeopleTools=8.55
Oracle PeopleSoft Enterprise PeopleTools=8.56
Oracle PeopleSoft Enterprise PeopleTools=8.57
Oracle PeopleSoft Enterprise PeopleTools=8.58
Oracle Policy Automation>=12.2.0<=12.2.15
Oracle Policy Automation=10.4.7
Oracle Policy Automation=12.1.0
Oracle Policy Automation=12.1.1
Oracle Policy Automation Connector For Siebel=10.4.6
Oracle Policy Automation For Mobile Devices>=12.2.0<=12.2.15
Oracle Primavera Gateway>=16.2.0<=16.2.11
Oracle Primavera Gateway>=17.12.0<=17.12.7
Oracle Primavera Gateway>=18.8.0<=18.8.9
Oracle Primavera Gateway>=19.12.0<=19.12.4
Oracle Primavera Gateway=15.2.18
Oracle Primavera Unifier>=17.7<=17.12
Oracle Primavera Unifier=16.1
Oracle Primavera Unifier=16.2
Oracle Primavera Unifier=18.8
Oracle Real-Time Scheduler>=2.3.0.1<=2.3.0.3
Oracle REST Data Services=11.2.0.4
Oracle REST Data Services=12.1.0.2
Oracle REST Data Services=12.2.0.1
Oracle REST Data Services=18c
Oracle REST Data Services=19c
Oracle Retail Back Office=14.0
Oracle Retail Back Office=14.1
Oracle Retail Central Office=14.0
Oracle Retail Central Office=14.1
Oracle Retail Customer Insights=15.0
Oracle Retail Customer Insights=16.0
Oracle Retail Customer Management and Segmentation Foundation=18.0
Oracle Retail Customer Management and Segmentation Foundation=19.0
Oracle Retail Point-of-Service=14.0
Oracle Retail Point-of-Service=14.1
Oracle Retail Returns Management=14.0
Oracle Retail Returns Management=14.1
Oracle Service Bus=11.1.1.9.0
Oracle Service Bus=12.1.3.0.0
Oracle Service Bus=12.2.1.3.0
Oracle Siebel Mobile Applications<=19.8
Oracle Siebel UI Framework=20.8
Oracle Storagetek Tape Analytics Sw Tool=2.3.0
Oracle System Utilities=19.1
Oracle Tape Library Acsls=8.5
Oracle Tape Library Acsls=8.5.1
Oracle Transportation Management=1.4.3
Oracle Utilities Mobile Workforce Management>=2.3.0.1<=2.3.0.3
Oracle WebCenter Sites=12.2.1.3.0
Oracle WebLogic Server=10.3.6.0.0
Oracle WebLogic Server=12.1.3.0.0
Oracle WebLogic Server=12.2.1.3.0
Oracle WebLogic Server=12.2.1.4.0
Oracle WebLogic Server=14.1.1.0.0
Joomla Joomla\!>=3.0.0<=3.9.4
Juniper Junos=21.2
redhat/jquery<3.4.0
3.4.0
redhat/drupal<7.66
7.66
debian/mediawiki
1:1.35.13-1+deb11u21:1.35.13-1+deb11u61:1.39.17-1~deb12u11:1.43.6+dfsg-1~deb13u11:1.43.6+dfsg-2
debian/node-jquery
3.5.1+dfsg+~3.5.5-73.6.1+dfsg+~3.5.14-13.7.1+dfsg+~3.5.33-1
debian/otrs2
6.0.32-6
Microsoft azl3 python-pygments 2.7.4-1
Microsoft azl3 orangefs 2.9.7-7
Microsoft azl3 python-pygments 2.5.2-1
Microsoft azl3 m2crypto 0.38.0-4
Remediation
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Patch Available
Event History
Mar 27, 2019
CVE Published
12:00 AM
Apr 19, 2019
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Apr 21, 2019
News Published
via ZDNet·09:44 PM
Apr 22, 2019
Data Sourced
via Red Hat·03:20 PM
DescriptionSeverityAffected Software
Apr 26, 2019
Advisory Published
via GitHub·04:29 PM
Jan 20, 2024
News Published
via ZDNet·03:12 AM
Sep 11, 2024
Data Sourced
via Microsoft·07:00 AM
DescriptionSeverityWeakness
Data Sourced
via Microsoft·07:00 AM
Affected Software
Updated
via Microsoft·07:00 AM
DescriptionSeverity
Apr 8, 2025
Exploit Published
12:00 AM
Known Exploited
09:47 AM
Jan 11, 2026
Data Sourced
via Debian·12:58 PM
DescriptionAffected Software
Invalid Date
News Published
Invalid Date
Parent advisories
This vulnerability appears in the following advisories.
- RHSA-2019:2587
- RHSA-2020:3936
- RHSA-2022:7343
- RHSA-2020:4670
- RHSA-2020:4847
- RHSA-2021:4142
- RHSA-2023:0556
- RHSA-2023:0553
- RHSA-2023:0554
- RHSA-2023:0552
- RHBA-2020:0402
- RHSA-2020:2412
- RHSA-2020:4298
- RHSA-2020:5581
- RHSA-2020:1325
- RHSA-2023:1049
- RHSA-2019:1456
- RHSA-2023:1043
- RHSA-2023:1044
- RHSA-2023:1045
- RHBA-2019:1570
- RHSA-2019:3023
- RHSA-2019:3024
- RHSA-2023:1047
- IBM-7182522
- ICSA-20-133-02
Frequently Asked Questions
1
What is the severity of CVE-2019-11358?
CVE-2019-11358 has a severity rating of Medium according to the Common Vulnerability Scoring System (CVSS).
2
How do I fix CVE-2019-11358?
To remediate CVE-2019-11358, you should upgrade jQuery to version 3.4.0 or later.
3
Which software is affected by CVE-2019-11358?
CVE-2019-11358 affects multiple software packages including jQuery versions prior to 3.4.0 and various tools that depend on those versions.
4
What type of vulnerability is CVE-2019-11358?
CVE-2019-11358 is classified as a Prototype Pollution vulnerability.
5
What are the potential consequences of CVE-2019-11358?
Exploitation of CVE-2019-11358 could result in denial of service or unauthorized modifications to objects in the application.