Rapid7 Vulnerability & Exploit Database

Red Hat OpenShift: CVE-2019-11358: jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Red Hat OpenShift: CVE-2019-11358: jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

04/20/2019

Created

12/30/2020

Added

12/29/2020

Modified

05/10/2023

Description

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Solution(s)

linuxrpm-upgrade-atomic-enterprise-service-catalog
linuxrpm-upgrade-atomic-openshift
linuxrpm-upgrade-atomic-openshift-cluster-autoscaler
linuxrpm-upgrade-atomic-openshift-descheduler
linuxrpm-upgrade-atomic-openshift-dockerregistry
linuxrpm-upgrade-atomic-openshift-metrics-server
linuxrpm-upgrade-atomic-openshift-node-problem-detector
linuxrpm-upgrade-atomic-openshift-service-idler
linuxrpm-upgrade-atomic-openshift-web-console
linuxrpm-upgrade-cri-o
linuxrpm-upgrade-golang-github-openshift-oauth-proxy
linuxrpm-upgrade-golang-github-prometheus-alertmanager
linuxrpm-upgrade-golang-github-prometheus-node_exporter
linuxrpm-upgrade-golang-github-prometheus-prometheus
linuxrpm-upgrade-jenkins
linuxrpm-upgrade-jenkins-2-plugins
linuxrpm-upgrade-openshift-ansible
linuxrpm-upgrade-openshift-enterprise-autoheal
linuxrpm-upgrade-openshift-enterprise-cluster-capacity
linuxrpm-upgrade-openshift-kuryr

References

https://attackerkb.com/topics/cve-2019-11358
108023
CVE - 2019-11358
DSA-4434
DSA-4460
RHBA-2019:1570
RHSA-2019:1456
RHSA-2019:2587
RHSA-2019:3023
RHSA-2019:3024
RHSA-2020:1325
RHSA-2020:2412
RHSA-2020:3936
RHSA-2020:4298
RHSA-2020:4670
RHSA-2020:4847
RHSA-2020:5581

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Red Hat OpenShift: CVE-2019-11358: jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

Red Hat OpenShift: CVE-2019-11358: jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.