gsd-2019-11358
Vulnerability from gsd
Modified
2019-04-19 00:00
Details
jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of
bject.prototype pollution. If an unsanitized source object contained an
enumerable __proto__ property, it could extend the native Object.prototype.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2019-11358", "description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", "id": "GSD-2019-11358", "references": [ "https://www.suse.com/security/cve/CVE-2019-11358.html", "https://www.debian.org/security/2019/dsa-4460", "https://www.debian.org/security/2019/dsa-4434", "https://access.redhat.com/errata/RHSA-2020:5581", "https://access.redhat.com/errata/RHSA-2020:4847", "https://access.redhat.com/errata/RHSA-2020:4670", "https://access.redhat.com/errata/RHSA-2020:4298", "https://access.redhat.com/errata/RHSA-2020:3936", "https://access.redhat.com/errata/RHSA-2020:2412", "https://access.redhat.com/errata/RHSA-2020:1325", "https://access.redhat.com/errata/RHBA-2020:0402", "https://access.redhat.com/errata/RHSA-2019:3024", "https://access.redhat.com/errata/RHSA-2019:3023", "https://access.redhat.com/errata/RHSA-2019:2587", "https://access.redhat.com/errata/RHBA-2019:1570", "https://access.redhat.com/errata/RHSA-2019:1456", "https://advisories.mageia.org/CVE-2019-11358.html", "https://security.archlinux.org/CVE-2019-11358", "https://linux.oracle.com/cve/CVE-2019-11358.html", "https://access.redhat.com/errata/RHSA-2021:4142", "https://access.redhat.com/errata/RHSA-2022:7343", "https://access.redhat.com/errata/RHSA-2023:0552", "https://access.redhat.com/errata/RHSA-2023:0553", "https://access.redhat.com/errata/RHSA-2023:0554", "https://access.redhat.com/errata/RHSA-2023:0556", "https://access.redhat.com/errata/RHSA-2023:1043", "https://access.redhat.com/errata/RHSA-2023:1044", "https://access.redhat.com/errata/RHSA-2023:1045", "https://access.redhat.com/errata/RHSA-2023:1047", "https://access.redhat.com/errata/RHSA-2023:1049" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "affected": [ { "package": { "ecosystem": "RubyGems", "name": "jquery-rails", "purl": "pkg:gem/jquery-rails" } } ], "aliases": [ "CVE-2019-11358" ], "details": "jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of\nbject.prototype pollution. If an unsanitized source object contained an\nenumerable __proto__ property, it could extend the native Object.prototype.\n", "id": "GSD-2019-11358", "modified": "2019-04-19T00:00:00.000Z", "published": "2019-04-19T00:00:00.000Z", "references": [ { "type": "WEB", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "type": "WEB", "url": "https://hackerone.com/reports/454365" }, { "type": "WEB", "url": "https://github.com/jquery/jquery/pull/4333" }, { "type": "WEB", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { "type": "WEB", "url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434" } ], "schema_version": "1.4.0", "severity": [ { "score": 4.3, "type": "CVSS_V2" }, { "score": 6.1, "type": "CVSS_V3" } ], "summary": "Prototype pollution attack through jQuery $.extend" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11358", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.drupal.org/sa-core-2019-006", "refsource": "CONFIRM", "url": "https://www.drupal.org/sa-core-2019-006" }, { "name": "https://www.synology.com/security/advisory/Synology_SA_19_19", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "name": "DSA-4434", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4434" }, { "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Apr/32" }, { "name": "108023", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108023" }, { "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E" }, { "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E" }, { "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E" }, { "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E" }, { "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E" }, { "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html" }, { "name": "FEDORA-2019-eba8e44ee6", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/" }, { "name": "FEDORA-2019-1a3edd7e8a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/" }, { "name": "FEDORA-2019-7eaf0bbe7c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/" }, { "name": "FEDORA-2019-2a0ce0c58c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/" }, { "name": "FEDORA-2019-a06dffab1c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/" }, { "name": "FEDORA-2019-f563e66380", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/" }, { "name": "20190509 dotCMS v5.1.1 Vulnerabilities", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18" }, { "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11" }, { "name": "20190510 dotCMS v5.1.1 Vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10" }, { "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13" }, { "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html" }, { "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2" }, { "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "name": "RHSA-2019:1456", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "name": "DSA-4460", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4460" }, { "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "name": "openSUSE-SU-2019:1839", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { "name": "RHBA-2019:1570", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:1570" }, { "name": "openSUSE-SU-2019:1872", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E" }, { "name": "RHSA-2019:2587", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2587" }, { "name": "https://security.netapp.com/advisory/ntap-20190919-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190919-0001/" }, { "name": "RHSA-2019:3023", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "name": "RHSA-2019:3024", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3024" }, { "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { "name": "https://www.tenable.com/security/tns-2019-08", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-08" }, { "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" }, { "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html" }, { "name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" }, { "name": "https://www.tenable.com/security/tns-2020-02", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2020-02" }, { "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E" }, { "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E" }, { "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "https://www.tenable.com/security/tns-2019-08", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-08" }, { "name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" }, { "name": "https://www.synology.com/security/advisory/Synology_SA_19_19", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "name": "https://backdropcms.org/security/backdrop-sa-core-2019-009", "refsource": "MISC", "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009" }, { "name": "https://www.drupal.org/sa-core-2019-006", "refsource": "MISC", "url": "https://www.drupal.org/sa-core-2019-006" }, { "name": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "refsource": "MISC", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "name": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006" }, { "name": "https://github.com/jquery/jquery/pull/4333", "refsource": "MISC", "url": "https://github.com/jquery/jquery/pull/4333" }, { "name": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "refsource": "MISC", "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { "name": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", "refsource": "MISC", "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" }, { "name": "https://security.netapp.com/advisory/ntap-20190919-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190919-0001/" }, { "name": "https://www.tenable.com/security/tns-2020-02", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2020-02" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", "refsource": "CONFIRM", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" }, { "name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", "refsource": "CONFIRM", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1", "refsource": "MISC", "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1" }, { "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" } ] } }, "github.com/rubysec/ruby-advisory-db": { "cve": "2019-11358", "cvss_v2": 4.3, "cvss_v3": 6.1, "date": "2019-04-19", "description": "jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of\nbject.prototype pollution. If an unsanitized source object contained an\nenumerable __proto__ property, it could extend the native Object.prototype.\n", "framework": "rails", "gem": "jquery-rails", "patched_versions": [ "\u003e= 4.3.4" ], "related": { "url": [ "https://hackerone.com/reports/454365", "https://github.com/jquery/jquery/pull/4333", "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434" ] }, "title": "Prototype pollution attack through jQuery $.extend", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c4.3.4", "affected_versions": "All versions before 4.3.4", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cwe_ids": [ "CWE-1035", "CWE-79", "CWE-937" ], "date": "2021-10-01", "description": "jQuery, as used in Drupal, Backdrop CMS, and other products, mishandles `jQuery.extend(true, {}, ...)` because of `Object.prototype` pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native Object.prototype.", "fixed_versions": [ "4.3.4" ], "identifier": "CVE-2019-11358", "identifiers": [ "CVE-2019-11358" ], "package_slug": "gem/jquery-rails", "pubdate": "2019-04-20", "solution": "Upgrade to version 4.3.4 or above", "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2019-11358" ], "uuid": "932446c8-c1d5-43ad-8102-064dd8a3b25c" }, { "affected_range": "\u003c6.1.2", "affected_versions": "All versions before 3.4.0", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cwe_ids": [ "CWE-1035", "CWE-79", "CWE-937" ], "date": "2019-06-12", "description": "The jQuery library, which is included in rdoc, mishandles `jQuery.extend(true, {}, ...)` because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype.`", "fixed_versions": [ "6.1.2" ], "identifier": "CVE-2019-11358", "identifiers": [ "CVE-2019-11358" ], "not_impacted": "All versions starting from 3.4.0", "package_slug": "gem/rdoc", "pubdate": "2019-04-20", "solution": "Upgrade to version 3.4 or above.", "title": "Cross-site Scripting", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "http://www.securityfocus.com/bid/108023", "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "https://seclists.org/bugtraq/2019/Apr/32" ], "uuid": "31ce5a08-acfe-442f-b450-28410dd9b4d3" }, { "affected_range": "\u003c3.4.0", "affected_versions": "All versions before 3.4.0", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cwe_ids": [ "CWE-1035", "CWE-79", "CWE-937" ], "date": "2022-02-08", "description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", "fixed_versions": [ "3.4.0" ], "identifier": "CVE-2019-11358", "identifiers": [ "GHSA-6c3j-c64m-qhgq", "CVE-2019-11358" ], "not_impacted": "All versions starting from 3.4.0", "package_slug": "npm/jquery", "pubdate": "2019-04-26", "solution": "Upgrade to version 3.4.0 or above.", "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "https://backdropcms.org/security/backdrop-sa-core-2019-009", "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "https://github.com/jquery/jquery/pull/4333", "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", "https://www.drupal.org/sa-core-2019-006", "https://access.redhat.com/errata/RHBA-2019:1570", "https://access.redhat.com/errata/RHSA-2019:1456", "https://access.redhat.com/errata/RHSA-2019:2587", "https://access.redhat.com/errata/RHSA-2019:3023", "https://access.redhat.com/errata/RHSA-2019:3024", "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E", "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E", "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E", "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E", "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E", "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E", "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E", "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E", "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", "https://seclists.org/bugtraq/2019/Apr/32", "https://seclists.org/bugtraq/2019/Jun/12", "https://seclists.org/bugtraq/2019/May/18", "https://security.netapp.com/advisory/ntap-20190919-0001/", "https://www.debian.org/security/2019/dsa-4434", "https://www.debian.org/security/2019/dsa-4460", "https://www.oracle.com/security-alerts/cpuapr2020.html", "https://www.oracle.com/security-alerts/cpujan2020.html", "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", "https://www.synology.com/security/advisory/Synology_SA_19_19", "https://www.tenable.com/security/tns-2019-08", "https://www.tenable.com/security/tns-2020-02", "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", "http://seclists.org/fulldisclosure/2019/May/10", "http://seclists.org/fulldisclosure/2019/May/11", "http://seclists.org/fulldisclosure/2019/May/13", "http://www.openwall.com/lists/oss-security/2019/06/03/2", "http://www.securityfocus.com/bid/108023", "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E", "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E", "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E", "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E", "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E", "https://www.oracle.com/security-alerts/cpujul2020.html", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", "https://www.oracle.com/security-alerts/cpuoct2020.html", "https://www.oracle.com/security-alerts/cpujan2021.html", "https://www.oracle.com/security-alerts/cpuApr2021.html", "https://www.oracle.com//security-alerts/cpujul2021.html", "https://www.oracle.com/security-alerts/cpuoct2021.html", "https://www.oracle.com/security-alerts/cpujan2022.html", "https://github.com/advisories/GHSA-6c3j-c64m-qhgq" ], "uuid": "54b5386a-59f9-43aa-88e7-0c12bd5b5e7c" }, { "affected_range": "(,3.4.0)", "affected_versions": "All versions before 3.4.0", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cwe_ids": [ "CWE-1035", "CWE-1321", "CWE-937" ], "date": "2023-05-30", "description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", "fixed_versions": [ "3.4.0" ], "identifier": "CVE-2019-11358", "identifiers": [ "GHSA-6c3j-c64m-qhgq", "CVE-2019-11358" ], "not_impacted": "All versions starting from 3.4.0", "package_slug": "nuget/jQuery", "pubdate": "2019-04-26", "solution": "Upgrade to version 3.4.0 or above.", "title": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "https://backdropcms.org/security/backdrop-sa-core-2019-009", "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "https://github.com/jquery/jquery/pull/4333", "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", "https://www.drupal.org/sa-core-2019-006", "https://access.redhat.com/errata/RHSA-2019:3023", "https://access.redhat.com/errata/RHSA-2019:3024", "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E", "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E", "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E", "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E", "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E", "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E", "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E", "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E", "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", "https://security.netapp.com/advisory/ntap-20190919-0001/", "https://www.debian.org/security/2019/dsa-4434", "https://www.debian.org/security/2019/dsa-4460", "https://www.synology.com/security/advisory/Synology_SA_19_19", "https://www.tenable.com/security/tns-2019-08", "https://www.tenable.com/security/tns-2020-02", "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", "http://www.openwall.com/lists/oss-security/2019/06/03/2", "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E", "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E", "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E", "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E", "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434", "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml", "https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226", "https://github.com/advisories/GHSA-6c3j-c64m-qhgq" ], "uuid": "d7ab203e-bc46-4788-9be7-fab6b4588496" }, { "affected_range": "\u003e=7.0,\u003c7.66||\u003e=8.5.0,\u003c8.5.15||\u003e=8.6.0,\u003c8.6.15", "affected_versions": "All versions starting from 7.0 before 7.66, all versions starting from 8.5.0 before 8.5.15, all versions starting from 8.6.0 before 8.6.15", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cwe_ids": [ "CWE-1035", "CWE-79", "CWE-937" ], "date": "2019-06-12", "description": "jQuery, as used in Drupal, Backdrop CMS, and other products, mishandles `jQuery.extend(true, {}, ...)` because of `Object.prototype` pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype`.", "fixed_versions": [ "8.0.0", "8.5.15", "8.6.15" ], "identifier": "CVE-2019-11358", "identifiers": [ "CVE-2019-11358" ], "not_impacted": "All versions before 7.0, all versions starting from 7.66 before 8.5.0, all versions starting from 8.5.15 before 8.6.0, all versions starting from 8.6.15", "package_slug": "packagist/drupal/core", "pubdate": "2019-04-20", "solution": "Upgrade to versions 8.0.0, 8.5.15, 8.6.15 or above.", "title": "Cross-site Scripting", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "http://www.securityfocus.com/bid/108023", "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "https://seclists.org/bugtraq/2019/Apr/32" ], "uuid": "e2d28b24-ccea-4d03-b344-183788eacc5e" }, { "affected_range": "\u003e=2.0a1, \u003c2.1.9 || \u003e=2.2a1, \u003c2.2.2", "affected_versions": "All versions starting from 2.0a1 before 2.1.9, all versions starting from 2.2a1 before 2.2.2", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cwe_ids": [ "CWE-1035", "CWE-79", "CWE-937" ], "date": "2019-06-12", "description": "jQuery mishandles `jQuery.extend(true, {}, ...)` because of `Object.prototype` pollution. If an unsanitized source object contained an enumerable ``__proto__`` property, it could extend the native `Object.prototype`.", "fixed_versions": [ "2.2.2", "2.1.9" ], "identifier": "CVE-2019-11358", "identifiers": [ "CVE-2019-11358" ], "not_impacted": "1.x", "package_slug": "pypi/Django", "pubdate": "2019-04-19", "solution": "Upgrade to fixed version or apply patch.", "title": "Prototype pollution in jQuery", "urls": [ "https://www.djangoproject.com/weblog/2019/jun/03/security-releases/", "https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f", "https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad", "https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829" ], "uuid": "5ef876b4-198e-4388-bf3a-c88309840d43" } ] }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2D193C7-2259-492F-8B85-E74C57A7426A", "versionEndExcluding": "3.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC5AB839-4DAC-45E7-9D0B-B528F6D12043", "versionEndExcluding": "7.66", "versionStartIncluding": "7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "9106BF81-B898-4EB0-B63C-9919D3B22260", "versionEndExcluding": "8.5.15", "versionStartIncluding": "8.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B37281E-9B44-42A5-AE0A-17CE6770995C", "versionEndExcluding": "8.6.15", "versionStartIncluding": "8.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "matchCriteriaId": "E75C32CE-3FA9-4DC2-A22A-4A841D4911EB", "versionEndExcluding": "1.11.9", "versionStartIncluding": "1.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6F204D6-2C8A-4517-8E3C-328ED0D9D3E4", "versionEndExcluding": "1.12.6", "versionStartIncluding": "1.12.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9273745-6408-4CD3-94E8-9385D4F5FE69", "versionEndIncluding": "3.1.3", "versionStartIncluding": "3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*", "matchCriteriaId": "04AC556D-D511-4C4C-B9FB-A089BB2FEFD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "9FA1A18F-D997-4121-A01B-FD9B3BF266CF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "230E2167-9107-4994-8328-295575E17DF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A079FD6E-3BB0-4997-9A8E-6F8FEC89887A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "900D2344-5160-42A0-8C49-36DBC7FF3D87", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4AA4B21-1BA9-4ED8-B9EA-558AF8655D24", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C3F9EE5-FCFC-45B8-9F57-C05D42EE0FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*", "matchCriteriaId": "90CFEC52-A574-493E-A2AC-0EC21851BBFA", "versionEndExcluding": "19.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3665B8A2-1F1A-490F-B01D-5B3455A6A539", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8577D60-A711-493D-9246-E49D0E2B07E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "5E5BC0B6-0C66-4FC5-81F0-6AC9BEC0813E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*", "matchCriteriaId": "C784CEE8-F071-4583-A72D-F46C7C95FEC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*", "matchCriteriaId": "660DB443-6250-4956-ABD1-C6A522B8DCCA", "versionEndIncluding": "2.8.0", "versionStartIncluding": "2.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "3625D477-1338-46CB-90B1-7291D617DC39", "versionEndIncluding": "2.10.0", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5CD806C1-CC17-47BD-8BB0-9430C4253BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DC56004-4497-4CDD-AE76-5E3DFAE170F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "274A0CF5-41E8-42E0-9931-F7372A65B9C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "8C4C38FF-B75B-4DF1-BFB3-C91BDD10D90E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "55D98C27-734F-490B-92D5-251805C841B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*", "matchCriteriaId": "B796AC70-A220-48D8-B8CD-97CF57227962", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "matchCriteriaId": "790A89FD-6B86-49AE-9B4F-AE7262915E13", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "7231AF76-3D46-41C4-83E9-6E9E12940BD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCA44E38-EB8C-4E2D-8611-B201F47520E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A0E3537-CB5A-40BF-B42C-CED9211B8892", "versionEndIncluding": "16.4.0", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0C57FD3A-0CC1-4BA9-879A-8C4A40234162", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "698FB6D0-B26F-4760-9B9B-1C65FBFF2126", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F1D64BC-17BF-4DAE-B5FC-BC41F9C12DFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E16A16E-BFA3-4D17-9B4E-B42ADE725356", "versionEndIncluding": "6.4", "versionStartIncluding": "6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "9264AF8A-3819-40E5-BBCB-3B6C95A0D828", "versionEndIncluding": "4.3", "versionStartIncluding": "4.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3517A27-E6EE-497C-9996-F78171BBE90F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C3CE8D5-6404-4CEB-953E-7B7961BC14D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB43DFD4-D058-4001-BD19-488E059F4532", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "086E2E5C-44EB-4C07-B298-C04189533996", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA77B994-3872-4059-854B-0974AA5593D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8198E762-9AD9-452B-B1AF-516E52436B7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0D177F6-25D9-4696-8528-3F57D91BAC12", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "726DB59B-00C7-444E-83F7-CB31032482AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*", "matchCriteriaId": "80B6D265-9D72-45C3-AA2C-5B186E23CDAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "7015A8CB-8FA6-423E-8307-BD903244F517", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5BC32AA-78BE-468B-B92A-5A0FFFA970FA", "versionEndIncluding": "7.3.5", "versionStartIncluding": "7.3.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA699B16-5100-4485-9BB7-85B247743B17", "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7E00BA1-E643-45D9-97D3-EF12C29DB262", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2ACA29E6-F393-46E5-B2B3-9158077819A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "703DA91D-3440-4C67-AA20-78F71B1376DD", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "39B8DFFF-B037-4F29-8C8E-F4BBC3435199", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "4D0D0EAC-300D-44B1-AD4A-93A368D5DBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CB2A0EB-E1C7-4206-8E64-D2EE77C1CD86", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A566893-8DCF-49E4-93D0-0ACCEFD70D3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*", "matchCriteriaId": "A180039F-22C3-458E-967D-E07C61C69FAF", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "00E5D719-249D-48B8-BAFC-1E14D250B3F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C5F6B8C-2044-4E68-98BD-37B0CD108434", "versionEndIncluding": "8.0.8", "versionStartIncluding": "8.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "672949B4-1989-4AA7-806F-EEC07D07F317", "versionEndIncluding": "8.0.9", "versionStartIncluding": "8.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*", "matchCriteriaId": "73E05211-8415-42FB-9B93-959EB03B090B", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9476D1DA-C8A8-40A0-94DD-9B46C05FD461", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7DEE0A37-6B9A-43FE-B3E0-8AB5CA368425", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CF6A5433-A7D9-4521-9D28-E7684FB76E5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC15899F-8528-4D10-8CD5-F67121D7F293", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F727AAC6-6D9F-4B28-B07C-6A93916C43A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", "matchCriteriaId": "30657F1B-D1FC-4EE6-9854-18993294A01D", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "51C17460-D326-4525-A7D1-0AED53E75E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "30F0991A-8507-48C4-9A8E-DE5B28C46A99", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A00142E6-EEB3-44BD-AB0D-0E5C5640557F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "00ED7CB0-96F7-4089-9047-A3AC241139C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "005E458D-4059-4E20-A620-B25DEBCE40C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "74008AEE-589F-423E-8D77-EA54C36D776A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD85DB06-692F-4E81-BEB7-1E41B438D1FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "6149C89E-0111-4CF9-90CA-0662D2F75E04", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "6CDDF6CA-6441-4606-9D2F-22A67BA46978", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "6FA0B592-A216-4320-A4FE-ABCA6B3E7D7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CEA4D6CF-D54A-40DF-9B70-E13392D0BE19", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB6C521C-F104-4E26-82F2-6F63F94108BC", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "397B1A24-7C95-4A73-8363-4529A7F6CFCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "402B8642-7ACC-4F42-87A9-AB4D3B581751", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "EF6D5112-4055-4F89-A5B3-0DCB109481B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D262848E-AA24-4057-A747-6221BA22ADF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:*", "matchCriteriaId": "2163B848-D684-4B17-969A-36E0866C5749", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "00615085-65B2-4211-A766-551842B3356F", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8E565DA-91BE-44FC-A28F-579BE8D2281A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "51DB64CA-8953-43BB-AEA9-D0D7E91E9FE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "669BA301-4D29-4692-823B-CDEDD2A5BD18", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "419559E6-5441-4335-8FE1-6ADAAD9355DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*", "matchCriteriaId": "036E4450-53C6-4322-9C7D-91DA94C9A3C9", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "89C26226-A3CF-4D36-BBDA-80E298E0A51F", "versionEndIncluding": "8.0.6", "versionStartIncluding": "8.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F67D1332-621E-4756-B205-97A5CF670A19", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "6748C867-0A52-452B-B4D6-DA80396F4152", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A64B5C4C-DF69-4292-A534-EDC5955CDDAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C7141C66-0384-4BA1-A788-91DEB7EF1361", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "06E586B3-3434-4B08-8BE3-16C528642CA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "26A1F27B-C3AC-4D13-B9B2-2D6CF65D07BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B95E8056-51D8-4390-ADE3-661B7AE1D7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EFC8DAB-E5D8-420C-B800-08F8C5BF3F4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9059A907-508B-4844-8D7B-0FA68C0DF6A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5ACB1D2-69CE-4B7D-9B51-D8F80E541631", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1F726C6-EA5A-40FF-8809-4F48E4AE6976", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CD7C26E3-BB0D-4218-8176-319AEA2925C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "DD67072F-3CFC-480D-9360-81A05D523318", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "652E762A-BCDD-451E-9DE3-F1555C1E4B16", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*", "matchCriteriaId": "2AC63D10-2326-4542-B345-31D45B9A7408", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BFD7783-BE15-421C-A550-7FE15AB53ABF", "versionEndIncluding": "19.1.2", "versionStartIncluding": "19.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F7BF047-03C5-4A60-B718-E222B16DBF41", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3A73D81-3E1A-42E6-AB96-835CDD5905F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA10CA55-C155-4DAD-A109-87A80116F1A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "66136D6D-FC52-40DB-B7B6-BA8B7758CE16", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "06514F46-544B-4404-B45C-C9584EBC3131", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3BD4BF9A-BF38-460D-974D-5B3255AAF946", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:*", "matchCriteriaId": "92D538A5-819D-4DF7-85FE-4D4EB6E230E0", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "AEDA3A88-002B-4700-9277-3187C0A3E4B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "BE886BC5-F807-4627-8233-2290817FE205", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", "matchCriteriaId": "B47C73D0-BE89-4D87-8765-12C507F13AFF", "versionEndIncluding": "5.6.0.0", "versionStartIncluding": "5.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5B8AA91A-1880-43CD-938D-48EF58ACF2CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E6B5D7DB-C70E-4926-819F-E39B79F4D0C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7506589-9B3B-49BA-B826-774BFDCC45B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "37EB4A1D-A875-46B7-BEB0-694D1F400CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2233F287-6B9F-4C8A-A724-959DD3AD29AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2381FAB6-8D36-4389-98E4-74F3462654BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E587602-BA7D-4087-BE29-ACE0B01BD590", "versionEndIncluding": "8.6.3", "versionStartIncluding": "8.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", "matchCriteriaId": "84668F58-6511-4E53-8213-13B440F454C1", "versionEndIncluding": "12.2.15", "versionStartIncluding": "12.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "9D8B3B57-73D6-4402-987F-8AE723D52F94", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "62BF043E-BCB9-433D-BA09-7357853EE127", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F26FB80-F541-4B59-AC3C-633F49388B59", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*", "matchCriteriaId": "12D3B2F0-E9C7-432B-91C6-A6C329A84B78", "versionEndIncluding": "12.2.15", "versionStartIncluding": "12.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "06CF27F6-ADC1-480C-9D2E-2BD1E7330C32", "versionEndIncluding": "16.2.11", "versionStartIncluding": "16.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4AA3854-C9FD-4287-85A0-EE7907D1E1ED", "versionEndIncluding": "17.12.7", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8CD4002-F310-4BE4-AF7B-4BCCB17DA6FF", "versionEndIncluding": "18.8.9", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "69112C56-7747-4E11-A938-85A481529F58", "versionEndIncluding": "19.12.4", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "D9E628E7-6CC5-418C-939F-8EEA69B222A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:*", "matchCriteriaId": "99579D88-27C0-4B93-B2F4-69B6781BC4BD", "versionEndIncluding": "2.3.0.3", "versionStartIncluding": "2.3.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*", "matchCriteriaId": "36FC547E-861A-418C-A314-DA09A457B13A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*", "matchCriteriaId": "DF9FEE51-50E3-41E9-AA0D-272A640F85CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*", "matchCriteriaId": "E69E905F-2E1A-4462-9082-FF7B10474496", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*", "matchCriteriaId": "0F9B692C-8986-4F91-9EF4-2BB1E3B5C133", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*", "matchCriteriaId": "C5F4C40E-3ABC-4C59-B226-224262DCFF37", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*", "matchCriteriaId": "36E16AEF-ACEB-413C-888C-8D250F65C180", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EFAEA84-E376-40A2-8C9F-3E0676FEC527", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "237968A4-AE89-44DC-8BA3-D9651F88883D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "959316A8-C3AF-4126-A242-3835ED0AD1E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E2B6C75-3EB5-4BCE-B5D1-39DD3DE94139", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "70BEF219-45EC-4A53-A815-42FBE20FC300", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1EA2023A-1AD6-41FE-A214-9D1F6021D6B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AA4E307-D5FA-461D-9809-BDD123AE7B74", "versionEndIncluding": "19.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*", "matchCriteriaId": "98B9198C-11DF-4E80-ACFC-DC719CED8C7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "587EE4F3-E7AC-4A69-9476-0E71E75EE7A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7961BBD-6411-4D32-947D-3940221C235B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "162C6FD9-AEC2-4EBA-A163-3054840B8ACE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "A6879D52-A44E-4DF8-8A3A-3613822EB469", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5AAF89C1-AAC2-449C-90C1-895F5F8843B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F2D3FA0-BD9D-4828-AE36-1CE43D9B07D1", "versionEndIncluding": "2.3.0.3", "versionStartIncluding": "2.3.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D551CAB1-4312-44AA-BDA8-A030817E153A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "matchCriteriaId": "C63557DE-E65B-46F4-99C4-247EACCB7BBA", "versionEndIncluding": "3.9.4", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype." }, { "lang": "es", "value": "jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminaci\u00f3n de Object.prototype. Si un objeto fuente no sanitizado conten\u00eda una propiedad enumerable __proto__, podr\u00eda extender el Object.prototype nativo." } ], "id": "CVE-2019-11358", "lastModified": "2024-02-16T16:32:51.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-04-20T00:29:00.247", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/May/10" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/May/11" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/May/13" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/108023" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHBA-2019:1570" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2587" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3024" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/jquery/jquery/pull/4333" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Apr/32" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Jun/12" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/May/18" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190919-0001/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4434" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4460" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.drupal.org/sa-core-2019-006" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2019-08" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2020-02" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1321" } ], "source": "nvd@nist.gov", "type": "Primary" } ] } } } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.