Vulnerability CVE-2019-11358


Published: 2019-04-19   Modified: 2019-04-20

Description:
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
dotCMS 5.1.1 Vulnerable Dependencies
John Martinelli
11.05.2019
Low
RetireJS CORS Issue / Script Execution
John Martinelli
12.06.2019

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Vendor: Debian
Product: Debian linux 
Version: 9.0;
Vendor: Drupal
Product: Drupal 
Version:
8.6.9
8.6.8
8.6.7
8.6.6
8.6.5
8.6.4
8.6.3
8.6.2
8.6.14
8.6.13
8.6.12
8.6.11
8.6.10
8.6.1
8.6.0
8.5.9
8.5.8
8.5.7
8.5.6
8.5.5
8.5.4
8.5.3
8.5.2
8.5.14
8.5.13
8.5.12
8.5.11
8.5.10
8.5.1
8.5.0
7.9
7.8
7.7
7.65
7.64
7.63
7.62
7.61
7.60
7.59
7.58
7.57
7.56
7.55
7.54
7.53
7.52
7.51
7.50
7.44
7.43
7.42
7.41
7.40
7.39
7.38
7.37
7.36
7.35
7.34
7.33
7.32
7.31
7.30
7.29
7.28
7.27
7.26
7.25
7.24
7.23
7.22
7.21
7.20
7.19
7.18
7.17
7.16
7.15
7.14
7.13
7.12
7.11
7.10
7.0
See more versions on NVD
Vendor: Jquery
Product: Jquery 
Version:
3.3.1
3.3.0
3.2.1
3.2.0
3.1.1
3.1.0
3.0.0
2.2.4
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
http://seclists.org/fulldisclosure/2019/May/10
http://seclists.org/fulldisclosure/2019/May/11
http://seclists.org/fulldisclosure/2019/May/13
http://www.openwall.com/lists/oss-security/2019/06/03/2
http://www.securityfocus.com/bid/108023
https://access.redhat.com/errata/RHSA-2019:1456
https://backdropcms.org/security/backdrop-sa-core-2019-009
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
https://github.com/jquery/jquery/pull/4333
https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/
https://seclists.org/bugtraq/2019/Apr/32
https://seclists.org/bugtraq/2019/Jun/12
https://seclists.org/bugtraq/2019/May/18
https://snyk.io/vuln/SNYK-JS-JQUERY-174006
https://www.debian.org/security/2019/dsa-4434
https://www.debian.org/security/2019/dsa-4460
https://www.drupal.org/sa-core-2019-006

Related CVE
CVE-2016-10707
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.
CVE-2015-9251
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVE-2012-6708
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking f...
CVE-2014-6071
jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.
CVE-2016-7103
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
CVE-2010-5312
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
CVE-2011-4969
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
CVE-2007-2379
The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIP...

Copyright 2019, cxsecurity.com

 

Back to Top