GHSA-WV67-Q8RR-GRJP
Vulnerability from github – Published: 2019-04-23 15:59 – Updated: 2022-10-06 17:19
VLAI?
Summary
Duplicate Advisory: Prototype Pollution in jquery
Details
Duplicate Advisory
This advisory is a duplicate of GHSA-6c3j-c64m-qhgq. This link is maintained to preserve external references.
Original Description
Versions of jquery prior to 3.4.0 are vulnerable to Prototype Pollution. The extend() method allows an attacker to modify the prototype for Object causing changes in properties that will exist on all objects.
Recommendation
Upgrade to version 3.4.0 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "jquery"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "jquery"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.webjars.npm:jquery"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "jquery-rails"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-5428"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": true,
"github_reviewed_at": "2019-04-23T15:57:18Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## Duplicate Advisory\nThis advisory is a duplicate of [GHSA-6c3j-c64m-qhgq](https://github.com/advisories/GHSA-6c3j-c64m-qhgq). This link is maintained to preserve external references.\n\n## Original Description\nVersions of `jquery` prior to 3.4.0 are vulnerable to Prototype Pollution. The extend() method allows an attacker to modify the prototype for `Object` causing changes in properties that will exist on all objects.\n\n## Recommendation\nUpgrade to version 3.4.0 or later.",
"id": "GHSA-wv67-q8rr-grjp",
"modified": "2022-10-06T17:19:37Z",
"published": "2019-04-23T15:59:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5428"
},
{
"type": "WEB",
"url": "https://github.com/jquery/jquery/pull/4333"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/454365"
},
{
"type": "WEB",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/796"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Duplicate Advisory: Prototype Pollution in jquery",
"withdrawn": "2019-04-26T14:50:56Z"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…