gsd-2019-11358
Vulnerability from gsd
Modified
2019-04-19 00:00
Details
jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of bject.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Aliases
Aliases



{
  "GSD": {
    "alias": "CVE-2019-11358",
    "description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",
    "id": "GSD-2019-11358",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-11358.html",
      "https://www.debian.org/security/2019/dsa-4460",
      "https://www.debian.org/security/2019/dsa-4434",
      "https://access.redhat.com/errata/RHSA-2020:5581",
      "https://access.redhat.com/errata/RHSA-2020:4847",
      "https://access.redhat.com/errata/RHSA-2020:4670",
      "https://access.redhat.com/errata/RHSA-2020:4298",
      "https://access.redhat.com/errata/RHSA-2020:3936",
      "https://access.redhat.com/errata/RHSA-2020:2412",
      "https://access.redhat.com/errata/RHSA-2020:1325",
      "https://access.redhat.com/errata/RHBA-2020:0402",
      "https://access.redhat.com/errata/RHSA-2019:3024",
      "https://access.redhat.com/errata/RHSA-2019:3023",
      "https://access.redhat.com/errata/RHSA-2019:2587",
      "https://access.redhat.com/errata/RHBA-2019:1570",
      "https://access.redhat.com/errata/RHSA-2019:1456",
      "https://advisories.mageia.org/CVE-2019-11358.html",
      "https://security.archlinux.org/CVE-2019-11358",
      "https://linux.oracle.com/cve/CVE-2019-11358.html",
      "https://access.redhat.com/errata/RHSA-2021:4142",
      "https://access.redhat.com/errata/RHSA-2022:7343",
      "https://access.redhat.com/errata/RHSA-2023:0552",
      "https://access.redhat.com/errata/RHSA-2023:0553",
      "https://access.redhat.com/errata/RHSA-2023:0554",
      "https://access.redhat.com/errata/RHSA-2023:0556",
      "https://access.redhat.com/errata/RHSA-2023:1043",
      "https://access.redhat.com/errata/RHSA-2023:1044",
      "https://access.redhat.com/errata/RHSA-2023:1045",
      "https://access.redhat.com/errata/RHSA-2023:1047",
      "https://access.redhat.com/errata/RHSA-2023:1049"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "jquery-rails",
            "purl": "pkg:gem/jquery-rails"
          }
        }
      ],
      "aliases": [
        "CVE-2019-11358"
      ],
      "details": "jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of\nbject.prototype pollution. If an unsanitized source object contained an\nenumerable __proto__ property, it could extend the native Object.prototype.\n",
      "id": "GSD-2019-11358",
      "modified": "2019-04-19T00:00:00.000Z",
      "published": "2019-04-19T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
        },
        {
          "type": "WEB",
          "url": "https://hackerone.com/reports/454365"
        },
        {
          "type": "WEB",
          "url": "https://github.com/jquery/jquery/pull/4333"
        },
        {
          "type": "WEB",
          "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
        },
        {
          "type": "WEB",
          "url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 4.3,
          "type": "CVSS_V2"
        },
        {
          "score": 6.1,
          "type": "CVSS_V3"
        }
      ],
      "summary": "Prototype pollution attack through jQuery $.extend"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-11358",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.drupal.org/sa-core-2019-006",
            "refsource": "CONFIRM",
            "url": "https://www.drupal.org/sa-core-2019-006"
          },
          {
            "name": "https://www.synology.com/security/advisory/Synology_SA_19_19",
            "refsource": "CONFIRM",
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
          },
          {
            "name": "DSA-4434",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2019/dsa-4434"
          },
          {
            "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
            "refsource": "BUGTRAQ",
            "url": "https://seclists.org/bugtraq/2019/Apr/32"
          },
          {
            "name": "108023",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/108023"
          },
          {
            "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E"
          },
          {
            "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E"
          },
          {
            "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E"
          },
          {
            "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E"
          },
          {
            "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
          },
          {
            "name": "FEDORA-2019-eba8e44ee6",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
          },
          {
            "name": "FEDORA-2019-1a3edd7e8a",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
          },
          {
            "name": "FEDORA-2019-7eaf0bbe7c",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
          },
          {
            "name": "FEDORA-2019-2a0ce0c58c",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
          },
          {
            "name": "FEDORA-2019-a06dffab1c",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
          },
          {
            "name": "FEDORA-2019-f563e66380",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
          },
          {
            "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "https://seclists.org/bugtraq/2019/May/18"
          },
          {
            "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
          },
          {
            "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2019/May/11"
          },
          {
            "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2019/May/10"
          },
          {
            "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2019/May/13"
          },
          {
            "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
          },
          {
            "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
          },
          {
            "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
          },
          {
            "name": "RHSA-2019:1456",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:1456"
          },
          {
            "name": "DSA-4460",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2019/dsa-4460"
          },
          {
            "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
            "refsource": "BUGTRAQ",
            "url": "https://seclists.org/bugtraq/2019/Jun/12"
          },
          {
            "name": "openSUSE-SU-2019:1839",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
          },
          {
            "name": "RHBA-2019:1570",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHBA-2019:1570"
          },
          {
            "name": "openSUSE-SU-2019:1872",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
          },
          {
            "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E"
          },
          {
            "name": "RHSA-2019:2587",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:2587"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20190919-0001/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
          },
          {
            "name": "RHSA-2019:3023",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:3023"
          },
          {
            "name": "RHSA-2019:3024",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:3024"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "https://www.tenable.com/security/tns-2019-08",
            "refsource": "CONFIRM",
            "url": "https://www.tenable.com/security/tns-2019-08"
          },
          {
            "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
          },
          {
            "name": "https://www.tenable.com/security/tns-2020-02",
            "refsource": "CONFIRM",
            "url": "https://www.tenable.com/security/tns-2020-02"
          },
          {
            "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E"
          },
          {
            "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "name": "https://www.tenable.com/security/tns-2019-08",
            "refsource": "CONFIRM",
            "url": "https://www.tenable.com/security/tns-2019-08"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
          },
          {
            "name": "https://www.synology.com/security/advisory/Synology_SA_19_19",
            "refsource": "CONFIRM",
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
          },
          {
            "name": "https://backdropcms.org/security/backdrop-sa-core-2019-009",
            "refsource": "MISC",
            "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
          },
          {
            "name": "https://www.drupal.org/sa-core-2019-006",
            "refsource": "MISC",
            "url": "https://www.drupal.org/sa-core-2019-006"
          },
          {
            "name": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
            "refsource": "MISC",
            "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
          },
          {
            "name": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006",
            "refsource": "MISC",
            "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
          },
          {
            "name": "https://github.com/jquery/jquery/pull/4333",
            "refsource": "MISC",
            "url": "https://github.com/jquery/jquery/pull/4333"
          },
          {
            "name": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b",
            "refsource": "MISC",
            "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
          },
          {
            "name": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/",
            "refsource": "MISC",
            "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20190919-0001/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
          },
          {
            "name": "https://www.tenable.com/security/tns-2020-02",
            "refsource": "CONFIRM",
            "url": "https://www.tenable.com/security/tns-2020-02"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
            "refsource": "CONFIRM",
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
            "refsource": "CONFIRM",
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "name": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1",
            "refsource": "MISC",
            "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
          },
          {
            "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2019-11358",
      "cvss_v2": 4.3,
      "cvss_v3": 6.1,
      "date": "2019-04-19",
      "description": "jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of\nbject.prototype pollution. If an unsanitized source object contained an\nenumerable __proto__ property, it could extend the native Object.prototype.\n",
      "framework": "rails",
      "gem": "jquery-rails",
      "patched_versions": [
        "\u003e= 4.3.4"
      ],
      "related": {
        "url": [
          "https://hackerone.com/reports/454365",
          "https://github.com/jquery/jquery/pull/4333",
          "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b",
          "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434"
        ]
      },
      "title": "Prototype pollution attack through jQuery $.extend",
      "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c4.3.4",
          "affected_versions": "All versions before 4.3.4",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2021-10-01",
          "description": "jQuery, as used in Drupal, Backdrop CMS, and other products, mishandles `jQuery.extend(true, {}, ...)` because of `Object.prototype` pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native Object.prototype.",
          "fixed_versions": [
            "4.3.4"
          ],
          "identifier": "CVE-2019-11358",
          "identifiers": [
            "CVE-2019-11358"
          ],
          "package_slug": "gem/jquery-rails",
          "pubdate": "2019-04-20",
          "solution": "Upgrade to version 4.3.4 or above",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
          ],
          "uuid": "932446c8-c1d5-43ad-8102-064dd8a3b25c"
        },
        {
          "affected_range": "\u003c6.1.2",
          "affected_versions": "All versions before 3.4.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2019-06-12",
          "description": "The jQuery library, which is included in rdoc, mishandles `jQuery.extend(true, {}, ...)` because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype.`",
          "fixed_versions": [
            "6.1.2"
          ],
          "identifier": "CVE-2019-11358",
          "identifiers": [
            "CVE-2019-11358"
          ],
          "not_impacted": "All versions starting from 3.4.0",
          "package_slug": "gem/rdoc",
          "pubdate": "2019-04-20",
          "solution": "Upgrade to version 3.4 or above.",
          "title": "Cross-site Scripting",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
            "http://www.securityfocus.com/bid/108023",
            "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
            "https://seclists.org/bugtraq/2019/Apr/32"
          ],
          "uuid": "31ce5a08-acfe-442f-b450-28410dd9b4d3"
        },
        {
          "affected_range": "\u003c3.4.0",
          "affected_versions": "All versions before 3.4.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2022-02-08",
          "description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",
          "fixed_versions": [
            "3.4.0"
          ],
          "identifier": "CVE-2019-11358",
          "identifiers": [
            "GHSA-6c3j-c64m-qhgq",
            "CVE-2019-11358"
          ],
          "not_impacted": "All versions starting from 3.4.0",
          "package_slug": "npm/jquery",
          "pubdate": "2019-04-26",
          "solution": "Upgrade to version 3.4.0 or above.",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
            "https://backdropcms.org/security/backdrop-sa-core-2019-009",
            "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
            "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b",
            "https://github.com/jquery/jquery/pull/4333",
            "https://snyk.io/vuln/SNYK-JS-JQUERY-174006",
            "https://www.drupal.org/sa-core-2019-006",
            "https://access.redhat.com/errata/RHBA-2019:1570",
            "https://access.redhat.com/errata/RHSA-2019:1456",
            "https://access.redhat.com/errata/RHSA-2019:2587",
            "https://access.redhat.com/errata/RHSA-2019:3023",
            "https://access.redhat.com/errata/RHSA-2019:3024",
            "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E",
            "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
            "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E",
            "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E",
            "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E",
            "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
            "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E",
            "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E",
            "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E",
            "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
            "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E",
            "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E",
            "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E",
            "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E",
            "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html",
            "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html",
            "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/",
            "https://seclists.org/bugtraq/2019/Apr/32",
            "https://seclists.org/bugtraq/2019/Jun/12",
            "https://seclists.org/bugtraq/2019/May/18",
            "https://security.netapp.com/advisory/ntap-20190919-0001/",
            "https://www.debian.org/security/2019/dsa-4434",
            "https://www.debian.org/security/2019/dsa-4460",
            "https://www.oracle.com/security-alerts/cpuapr2020.html",
            "https://www.oracle.com/security-alerts/cpujan2020.html",
            "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
            "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/",
            "https://www.synology.com/security/advisory/Synology_SA_19_19",
            "https://www.tenable.com/security/tns-2019-08",
            "https://www.tenable.com/security/tns-2020-02",
            "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html",
            "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html",
            "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
            "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
            "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
            "http://seclists.org/fulldisclosure/2019/May/10",
            "http://seclists.org/fulldisclosure/2019/May/11",
            "http://seclists.org/fulldisclosure/2019/May/13",
            "http://www.openwall.com/lists/oss-security/2019/06/03/2",
            "http://www.securityfocus.com/bid/108023",
            "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E",
            "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E",
            "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E",
            "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E",
            "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E",
            "https://www.oracle.com/security-alerts/cpujul2020.html",
            "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
            "https://www.oracle.com/security-alerts/cpuoct2020.html",
            "https://www.oracle.com/security-alerts/cpujan2021.html",
            "https://www.oracle.com/security-alerts/cpuApr2021.html",
            "https://www.oracle.com//security-alerts/cpujul2021.html",
            "https://www.oracle.com/security-alerts/cpuoct2021.html",
            "https://www.oracle.com/security-alerts/cpujan2022.html",
            "https://github.com/advisories/GHSA-6c3j-c64m-qhgq"
          ],
          "uuid": "54b5386a-59f9-43aa-88e7-0c12bd5b5e7c"
        },
        {
          "affected_range": "(,3.4.0)",
          "affected_versions": "All versions before 3.4.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-1321",
            "CWE-937"
          ],
          "date": "2023-05-30",
          "description": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",
          "fixed_versions": [
            "3.4.0"
          ],
          "identifier": "CVE-2019-11358",
          "identifiers": [
            "GHSA-6c3j-c64m-qhgq",
            "CVE-2019-11358"
          ],
          "not_impacted": "All versions starting from 3.4.0",
          "package_slug": "nuget/jQuery",
          "pubdate": "2019-04-26",
          "solution": "Upgrade to version 3.4.0 or above.",
          "title": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
            "https://backdropcms.org/security/backdrop-sa-core-2019-009",
            "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
            "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b",
            "https://github.com/jquery/jquery/pull/4333",
            "https://snyk.io/vuln/SNYK-JS-JQUERY-174006",
            "https://www.drupal.org/sa-core-2019-006",
            "https://access.redhat.com/errata/RHSA-2019:3023",
            "https://access.redhat.com/errata/RHSA-2019:3024",
            "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E",
            "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
            "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E",
            "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E",
            "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E",
            "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
            "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E",
            "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E",
            "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E",
            "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
            "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E",
            "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E",
            "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E",
            "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E",
            "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html",
            "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html",
            "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/",
            "https://security.netapp.com/advisory/ntap-20190919-0001/",
            "https://www.debian.org/security/2019/dsa-4434",
            "https://www.debian.org/security/2019/dsa-4460",
            "https://www.synology.com/security/advisory/Synology_SA_19_19",
            "https://www.tenable.com/security/tns-2019-08",
            "https://www.tenable.com/security/tns-2020-02",
            "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html",
            "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html",
            "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
            "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
            "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
            "http://www.openwall.com/lists/oss-security/2019/06/03/2",
            "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E",
            "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E",
            "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E",
            "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E",
            "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E",
            "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
            "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434",
            "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2019-11358.yml",
            "https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450226",
            "https://github.com/advisories/GHSA-6c3j-c64m-qhgq"
          ],
          "uuid": "d7ab203e-bc46-4788-9be7-fab6b4588496"
        },
        {
          "affected_range": "\u003e=7.0,\u003c7.66||\u003e=8.5.0,\u003c8.5.15||\u003e=8.6.0,\u003c8.6.15",
          "affected_versions": "All versions starting from 7.0 before 7.66, all versions starting from 8.5.0 before 8.5.15, all versions starting from 8.6.0 before 8.6.15",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2019-06-12",
          "description": "jQuery, as used in Drupal, Backdrop CMS, and other products, mishandles `jQuery.extend(true, {}, ...)` because of `Object.prototype` pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype`.",
          "fixed_versions": [
            "8.0.0",
            "8.5.15",
            "8.6.15"
          ],
          "identifier": "CVE-2019-11358",
          "identifiers": [
            "CVE-2019-11358"
          ],
          "not_impacted": "All versions before 7.0, all versions starting from 7.66 before 8.5.0, all versions starting from 8.5.15 before 8.6.0, all versions starting from 8.6.15",
          "package_slug": "packagist/drupal/core",
          "pubdate": "2019-04-20",
          "solution": "Upgrade to versions 8.0.0, 8.5.15, 8.6.15 or above.",
          "title": "Cross-site Scripting",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
            "http://www.securityfocus.com/bid/108023",
            "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
            "https://seclists.org/bugtraq/2019/Apr/32"
          ],
          "uuid": "e2d28b24-ccea-4d03-b344-183788eacc5e"
        },
        {
          "affected_range": "\u003e=2.0a1, \u003c2.1.9 || \u003e=2.2a1, \u003c2.2.2",
          "affected_versions": "All versions starting from 2.0a1 before 2.1.9, all versions starting from 2.2a1 before 2.2.2",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2019-06-12",
          "description": "jQuery mishandles `jQuery.extend(true, {}, ...)` because of `Object.prototype` pollution. If an unsanitized source object contained an enumerable ``__proto__`` property, it could extend the native `Object.prototype`.",
          "fixed_versions": [
            "2.2.2",
            "2.1.9"
          ],
          "identifier": "CVE-2019-11358",
          "identifiers": [
            "CVE-2019-11358"
          ],
          "not_impacted": "1.x",
          "package_slug": "pypi/Django",
          "pubdate": "2019-04-19",
          "solution": "Upgrade to fixed version or apply patch.",
          "title": "Prototype pollution in jQuery",
          "urls": [
            "https://www.djangoproject.com/weblog/2019/jun/03/security-releases/",
            "https://github.com/django/django/commit/34ec52269ade54af31a021b12969913129571a3f",
            "https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad",
            "https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829"
          ],
          "uuid": "5ef876b4-198e-4388-bf3a-c88309840d43"
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D2D193C7-2259-492F-8B85-E74C57A7426A",
                    "versionEndExcluding": "3.4.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FC5AB839-4DAC-45E7-9D0B-B528F6D12043",
                    "versionEndExcluding": "7.66",
                    "versionStartIncluding": "7.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9106BF81-B898-4EB0-B63C-9919D3B22260",
                    "versionEndExcluding": "8.5.15",
                    "versionStartIncluding": "8.5.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9B37281E-9B44-42A5-AE0A-17CE6770995C",
                    "versionEndExcluding": "8.6.15",
                    "versionStartIncluding": "8.6.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E75C32CE-3FA9-4DC2-A22A-4A841D4911EB",
                    "versionEndExcluding": "1.11.9",
                    "versionStartIncluding": "1.11.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F6F204D6-2C8A-4517-8E3C-328ED0D9D3E4",
                    "versionEndExcluding": "1.12.6",
                    "versionStartIncluding": "1.12.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                    "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
                    "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B9273745-6408-4CD3-94E8-9385D4F5FE69",
                    "versionEndIncluding": "3.1.3",
                    "versionStartIncluding": "3.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "04AC556D-D511-4C4C-B9FB-A089BB2FEFD5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9FA1A18F-D997-4121-A01B-FD9B3BF266CF",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "230E2167-9107-4994-8328-295575E17DF6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A079FD6E-3BB0-4997-9A8E-6F8FEC89887A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "900D2344-5160-42A0-8C49-36DBC7FF3D87",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A4AA4B21-1BA9-4ED8-B9EA-558AF8655D24",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9C3F9EE5-FCFC-45B8-9F57-C05D42EE0FF0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "90CFEC52-A574-493E-A2AC-0EC21851BBFA",
                    "versionEndExcluding": "19.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3665B8A2-1F1A-490F-B01D-5B3455A6A539",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A8577D60-A711-493D-9246-E49D0E2B07E0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5E5BC0B6-0C66-4FC5-81F0-6AC9BEC0813E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C784CEE8-F071-4583-A72D-F46C7C95FEC0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "660DB443-6250-4956-ABD1-C6A522B8DCCA",
                    "versionEndIncluding": "2.8.0",
                    "versionStartIncluding": "2.7.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3625D477-1338-46CB-90B1-7291D617DC39",
                    "versionEndIncluding": "2.10.0",
                    "versionStartIncluding": "2.4.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5CD806C1-CC17-47BD-8BB0-9430C4253BC7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9DC56004-4497-4CDD-AE76-5E3DFAE170F0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "274A0CF5-41E8-42E0-9931-F7372A65B9C4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8C4C38FF-B75B-4DF1-BFB3-C91BDD10D90E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "55D98C27-734F-490B-92D5-251805C841B9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B796AC70-A220-48D8-B8CD-97CF57227962",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "790A89FD-6B86-49AE-9B4F-AE7262915E13",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7231AF76-3D46-41C4-83E9-6E9E12940BD9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FCA44E38-EB8C-4E2D-8611-B201F47520E9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1A0E3537-CB5A-40BF-B42C-CED9211B8892",
                    "versionEndIncluding": "16.4.0",
                    "versionStartIncluding": "16.1.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0C57FD3A-0CC1-4BA9-879A-8C4A40234162",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "698FB6D0-B26F-4760-9B9B-1C65FBFF2126",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4F1D64BC-17BF-4DAE-B5FC-BC41F9C12DFD",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4E16A16E-BFA3-4D17-9B4E-B42ADE725356",
                    "versionEndIncluding": "6.4",
                    "versionStartIncluding": "6.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9264AF8A-3819-40E5-BBCB-3B6C95A0D828",
                    "versionEndIncluding": "4.3",
                    "versionStartIncluding": "4.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E3517A27-E6EE-497C-9996-F78171BBE90F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1C3CE8D5-6404-4CEB-953E-7B7961BC14D6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DB43DFD4-D058-4001-BD19-488E059F4532",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "086E2E5C-44EB-4C07-B298-C04189533996",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AA77B994-3872-4059-854B-0974AA5593D4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8198E762-9AD9-452B-B1AF-516E52436B7D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D0D177F6-25D9-4696-8528-3F57D91BAC12",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "726DB59B-00C7-444E-83F7-CB31032482AB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*",
                    "matchCriteriaId": "80B6D265-9D72-45C3-AA2C-5B186E23CDAF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7015A8CB-8FA6-423E-8307-BD903244F517",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B5BC32AA-78BE-468B-B92A-5A0FFFA970FA",
                    "versionEndIncluding": "7.3.5",
                    "versionStartIncluding": "7.3.3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FA699B16-5100-4485-9BB7-85B247743B17",
                    "versionEndIncluding": "8.1.0",
                    "versionStartIncluding": "8.0.2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A7E00BA1-E643-45D9-97D3-EF12C29DB262",
                    "versionEndIncluding": "8.0.7",
                    "versionStartIncluding": "8.0.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2ACA29E6-F393-46E5-B2B3-9158077819A9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "703DA91D-3440-4C67-AA20-78F71B1376DD",
                    "versionEndIncluding": "8.0.7",
                    "versionStartIncluding": "8.0.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "39B8DFFF-B037-4F29-8C8E-F4BBC3435199",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4D0D0EAC-300D-44B1-AD4A-93A368D5DBA1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9CB2A0EB-E1C7-4206-8E64-D2EE77C1CD86",
                    "versionEndIncluding": "8.0.7",
                    "versionStartIncluding": "8.0.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8A566893-8DCF-49E4-93D0-0ACCEFD70D3D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A180039F-22C3-458E-967D-E07C61C69FAF",
                    "versionEndIncluding": "8.0.7",
                    "versionStartIncluding": "8.0.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "00E5D719-249D-48B8-BAFC-1E14D250B3F6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2C5F6B8C-2044-4E68-98BD-37B0CD108434",
                    "versionEndIncluding": "8.0.8",
                    "versionStartIncluding": "8.0.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "672949B4-1989-4AA7-806F-EEC07D07F317",
                    "versionEndIncluding": "8.0.9",
                    "versionStartIncluding": "8.0.6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "73E05211-8415-42FB-9B93-959EB03B090B",
                    "versionEndIncluding": "8.0.7",
                    "versionStartIncluding": "8.0.5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9476D1DA-C8A8-40A0-94DD-9B46C05FD461",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7DEE0A37-6B9A-43FE-B3E0-8AB5CA368425",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CF6A5433-A7D9-4521-9D28-E7684FB76E5B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AC15899F-8528-4D10-8CD5-F67121D7F293",
                    "versionEndIncluding": "8.0.7",
                    "versionStartIncluding": "8.0.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F727AAC6-6D9F-4B28-B07C-6A93916C43A3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "30657F1B-D1FC-4EE6-9854-18993294A01D",
                    "versionEndIncluding": "8.0.7",
                    "versionStartIncluding": "8.0.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "51C17460-D326-4525-A7D1-0AED53E75E18",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "30F0991A-8507-48C4-9A8E-DE5B28C46A99",
                    "versionEndIncluding": "8.0.7",
                    "versionStartIncluding": "8.0.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A00142E6-EEB3-44BD-AB0D-0E5C5640557F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "00ED7CB0-96F7-4089-9047-A3AC241139C2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "005E458D-4059-4E20-A620-B25DEBCE40C2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "74008AEE-589F-423E-8D77-EA54C36D776A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FD85DB06-692F-4E81-BEB7-1E41B438D1FD",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6149C89E-0111-4CF9-90CA-0662D2F75E04",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6CDDF6CA-6441-4606-9D2F-22A67BA46978",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6FA0B592-A216-4320-A4FE-ABCA6B3E7D7A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CEA4D6CF-D54A-40DF-9B70-E13392D0BE19",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DB6C521C-F104-4E26-82F2-6F63F94108BC",
                    "versionEndIncluding": "8.0.7",
                    "versionStartIncluding": "8.0.2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "397B1A24-7C95-4A73-8363-4529A7F6CFCC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "402B8642-7ACC-4F42-87A9-AB4D3B581751",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EF6D5112-4055-4F89-A5B3-0DCB109481B7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D262848E-AA24-4057-A747-6221BA22ADF4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2163B848-D684-4B17-969A-36E0866C5749",
                    "versionEndIncluding": "8.0.7",
                    "versionStartIncluding": "8.0.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "00615085-65B2-4211-A766-551842B3356F",
                    "versionEndIncluding": "8.0.7",
                    "versionStartIncluding": "8.0.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F8E565DA-91BE-44FC-A28F-579BE8D2281A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "51DB64CA-8953-43BB-AEA9-D0D7E91E9FE3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "669BA301-4D29-4692-823B-CDEDD2A5BD18",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "419559E6-5441-4335-8FE1-6ADAAD9355DE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "036E4450-53C6-4322-9C7D-91DA94C9A3C9",
                    "versionEndIncluding": "8.0.7",
                    "versionStartIncluding": "8.0.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "89C26226-A3CF-4D36-BBDA-80E298E0A51F",
                    "versionEndIncluding": "8.0.6",
                    "versionStartIncluding": "8.0.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F67D1332-621E-4756-B205-97A5CF670A19",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6748C867-0A52-452B-B4D6-DA80396F4152",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A64B5C4C-DF69-4292-A534-EDC5955CDDAE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C7141C66-0384-4BA1-A788-91DEB7EF1361",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "06E586B3-3434-4B08-8BE3-16C528642CA5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "26A1F27B-C3AC-4D13-B9B2-2D6CF65D07BC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B95E8056-51D8-4390-ADE3-661B7AE1D7CE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4EFC8DAB-E5D8-420C-B800-08F8C5BF3F4F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9059A907-508B-4844-8D7B-0FA68C0DF6A6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A5ACB1D2-69CE-4B7D-9B51-D8F80E541631",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B1F726C6-EA5A-40FF-8809-4F48E4AE6976",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CD7C26E3-BB0D-4218-8176-319AEA2925C8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DD67072F-3CFC-480D-9360-81A05D523318",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "652E762A-BCDD-451E-9DE3-F1555C1E4B16",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2AC63D10-2326-4542-B345-31D45B9A7408",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7BFD7783-BE15-421C-A550-7FE15AB53ABF",
                    "versionEndIncluding": "19.1.2",
                    "versionStartIncluding": "19.1.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1F7BF047-03C5-4A60-B718-E222B16DBF41",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E3A73D81-3E1A-42E6-AB96-835CDD5905F2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AA10CA55-C155-4DAD-A109-87A80116F1A1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*",
                    "matchCriteriaId": "66136D6D-FC52-40DB-B7B6-BA8B7758CE16",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*",
                    "matchCriteriaId": "06514F46-544B-4404-B45C-C9584EBC3131",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3BD4BF9A-BF38-460D-974D-5B3255AAF946",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "92D538A5-819D-4DF7-85FE-4D4EB6E230E0",
                    "versionEndIncluding": "8.0.7",
                    "versionStartIncluding": "8.0.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AEDA3A88-002B-4700-9277-3187C0A3E4B4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BE886BC5-F807-4627-8233-2290817FE205",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B47C73D0-BE89-4D87-8765-12C507F13AFF",
                    "versionEndIncluding": "5.6.0.0",
                    "versionStartIncluding": "5.0.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5B8AA91A-1880-43CD-938D-48EF58ACF2CF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E6B5D7DB-C70E-4926-819F-E39B79F4D0C5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A7506589-9B3B-49BA-B826-774BFDCC45B8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "37EB4A1D-A875-46B7-BEB0-694D1F400CF7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2233F287-6B9F-4C8A-A724-959DD3AD29AF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2381FAB6-8D36-4389-98E4-74F3462654BA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9E587602-BA7D-4087-BE29-ACE0B01BD590",
                    "versionEndIncluding": "8.6.3",
                    "versionStartIncluding": "8.6.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
                    "matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "84668F58-6511-4E53-8213-13B440F454C1",
                    "versionEndIncluding": "12.2.15",
                    "versionStartIncluding": "12.2.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9D8B3B57-73D6-4402-987F-8AE723D52F94",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "62BF043E-BCB9-433D-BA09-7357853EE127",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3F26FB80-F541-4B59-AC3C-633F49388B59",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "12D3B2F0-E9C7-432B-91C6-A6C329A84B78",
                    "versionEndIncluding": "12.2.15",
                    "versionStartIncluding": "12.2.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "06CF27F6-ADC1-480C-9D2E-2BD1E7330C32",
                    "versionEndIncluding": "16.2.11",
                    "versionStartIncluding": "16.2.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E4AA3854-C9FD-4287-85A0-EE7907D1E1ED",
                    "versionEndIncluding": "17.12.7",
                    "versionStartIncluding": "17.12.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E8CD4002-F310-4BE4-AF7B-4BCCB17DA6FF",
                    "versionEndIncluding": "18.8.9",
                    "versionStartIncluding": "18.8.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "69112C56-7747-4E11-A938-85A481529F58",
                    "versionEndIncluding": "19.12.4",
                    "versionStartIncluding": "19.12.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D9E628E7-6CC5-418C-939F-8EEA69B222A0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
                    "versionEndIncluding": "17.12",
                    "versionStartIncluding": "17.7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                    "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "99579D88-27C0-4B93-B2F4-69B6781BC4BD",
                    "versionEndIncluding": "2.3.0.3",
                    "versionStartIncluding": "2.3.0.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*",
                    "matchCriteriaId": "36FC547E-861A-418C-A314-DA09A457B13A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*",
                    "matchCriteriaId": "DF9FEE51-50E3-41E9-AA0D-272A640F85CC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*",
                    "matchCriteriaId": "E69E905F-2E1A-4462-9082-FF7B10474496",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*",
                    "matchCriteriaId": "0F9B692C-8986-4F91-9EF4-2BB1E3B5C133",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*",
                    "matchCriteriaId": "C5F4C40E-3ABC-4C59-B226-224262DCFF37",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "36E16AEF-ACEB-413C-888C-8D250F65C180",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9EFAEA84-E376-40A2-8C9F-3E0676FEC527",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "237968A4-AE89-44DC-8BA3-D9651F88883D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "959316A8-C3AF-4126-A242-3835ED0AD1E8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1E2B6C75-3EB5-4BCE-B5D1-39DD3DE94139",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "70BEF219-45EC-4A53-A815-42FBE20FC300",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1EA2023A-1AD6-41FE-A214-9D1F6021D6B6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2AA4E307-D5FA-461D-9809-BDD123AE7B74",
                    "versionEndIncluding": "19.8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*",
                    "matchCriteriaId": "98B9198C-11DF-4E80-ACFC-DC719CED8C7E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "587EE4F3-E7AC-4A69-9476-0E71E75EE7A4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A7961BBD-6411-4D32-947D-3940221C235B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "162C6FD9-AEC2-4EBA-A163-3054840B8ACE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A6879D52-A44E-4DF8-8A3A-3613822EB469",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5AAF89C1-AAC2-449C-90C1-895F5F8843B4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2F2D3FA0-BD9D-4828-AE36-1CE43D9B07D1",
                    "versionEndIncluding": "2.3.0.3",
                    "versionStartIncluding": "2.3.0.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D551CAB1-4312-44AA-BDA8-A030817E153A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C63557DE-E65B-46F4-99C4-247EACCB7BBA",
                    "versionEndIncluding": "3.9.4",
                    "versionStartIncluding": "3.0.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
                    "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."
          },
          {
            "lang": "es",
            "value": "jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminaci\u00f3n de Object.prototype. Si un objeto fuente no sanitizado conten\u00eda una propiedad enumerable __proto__, podr\u00eda extender el Object.prototype nativo."
          }
        ],
        "id": "CVE-2019-11358",
        "lastModified": "2024-02-16T16:32:51.227",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              "exploitabilityScore": 8.6,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": true
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 2.7,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2019-04-20T00:29:00.247",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/May/10"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch",
              "Third Party Advisory"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/May/11"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch",
              "Third Party Advisory"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/May/13"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch",
              "Third Party Advisory"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/bid/108023"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:1570"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1456"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2587"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3023"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3024"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Release Notes",
              "Vendor Advisory"
            ],
            "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://github.com/jquery/jquery/pull/4333"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://seclists.org/bugtraq/2019/Apr/32"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking",
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/12"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/18"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Third Party Advisory"
            ],
            "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4434"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4460"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://www.drupal.org/sa-core-2019-006"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.tenable.com/security/tns-2019-08"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.tenable.com/security/tns-2020-02"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-1321"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.