Duplicate Advisory: Prototype Pollution in jquery

Moderate severity • GitHub Reviewed • Published Apr 23, 2019 to the GitHub Advisory Database • Updated Sep 25, 2023
Withdrawn • This advisory was withdrawn on Apr 26, 2019

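Package: jquery (npm)
Affected versions: < 3.4.0
Patched versions: 3.4.0

Package: jquery (NuGet)
Affected versions: < 3.4.0
Patched versions: 3.4.0

Package: jquery-rails (RubyGems)
Affected versions: < 3.4.0
Patched versions: 3.4.0

Package: org.webjars.npm:jquery (Maven)
Affected versions: < 3.4.0
Patched versions: 3.4.0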

Description

Duplicate Advisory

This advisory is a duplicate of GHSA-6c3j-c64m-qhgq. This link is maintained to preserve external references.

Original Description

Versions of jquery prior to 3.4.0 are vulnerable to Prototype Pollution. The extend() method allows an attacker to modify the prototype for Object causing changes in properties that will exist on all objects.

Recommendation

Upgrade to version 3.4.0 or later.
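
The class of flaw described under Original Description, shown as an added example that is not jQuery's source code and not part of the original advisory: a simplified recursive merge that follows a `__proto__` key, a hardened merge that does not, and a regression check that tells the two apart. All function names and the JSON input are assumptions constructed for this illustration.

```javascript
// Added illustration, not jQuery's source. All function names are hypothetical.

// Simplified recursive merge with the same class of flaw: every key is
// followed, so a "__proto__" key leads the merge into Object.prototype.
function naiveDeepExtend(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      if (target[key] === null || typeof target[key] !== "object") target[key] = {};
      naiveDeepExtend(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened merge: own keys only, and keys that reach a prototype are skipped.
// Skipping "constructor" and "prototype" is a stricter choice made here.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
function safeDeepExtend(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || target[key] === null || typeof target[key] !== "object") target[key] = {};
      safeDeepExtend(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Regression check: true if extendFn(target, source) lets untrusted JSON
// add a property to Object.prototype. The marker is removed afterwards.
function pollutesPrototype(extendFn) {
  const marker = "pp_check_" + Date.now();
  // Constructed input: JSON.parse makes "__proto__" an ordinary own key.
  const untrusted = JSON.parse('{"__proto__": {"' + marker + '": true}}');
  try {
    extendFn({}, untrusted);
    return ({})[marker] === true;
  } finally {
    delete Object.prototype[marker];
  }
}
```

To check the jQuery build an application actually ships, pass `(t, s) => jQuery.extend(true, t, s)` as `extendFn` in a test that runs with that build loaded.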

References

Reviewed Apr 23, 2019
Published to the GitHub Advisory Database Apr 23, 2019
Withdrawn Apr 26, 2019
Last updated Sep 25, 2023

Severity

Moderate

EPSS score

0.241%
(63rd percentile)

Weaknesses

No CWEs

CVE ID

CVE-2019-5428

GHSA ID

GHSA-wv67-q8rr-grjp

Source code

No known source code
