vulnerability
FreeBSD: (Multiple Advisories) (CVE-2019-11358)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Jul 5, 2019 | Jul 5, 2019 | Jun 15, 2026 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Jul 5, 2019
Added
Jul 5, 2019
Modified
Jun 15, 2026
Description
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Solutions
freebsd-upgrade-package-mediawiki131freebsd-upgrade-package-mediawiki132freebsd-upgrade-package-py27-django111freebsd-upgrade-package-py35-django111freebsd-upgrade-package-py36-django111freebsd-upgrade-package-py37-django111freebsd-upgrade-package-py35-django21freebsd-upgrade-package-py36-django21freebsd-upgrade-package-py37-django21freebsd-upgrade-package-py35-django22freebsd-upgrade-package-py36-django22freebsd-upgrade-package-py37-django22
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.