Skip to content

jquery vulnerability

1 jquery vulnerability found in package-lock.json.

Remediation Upgrade jquery to version 3.4.0 or later.

Details CVE-2019-11358

moderate severity Vulnerable versions: < 3.4.0 Patched version: 3.4.0

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.