VULNERABILITY

Red Hat OpenShift: CVE-2019-11358: jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

Try Surface Command Get a continuous 360° view of your attack surface

Back to Search

Red Hat OpenShift: CVE-2019-11358: jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

04/20/2019

Created

12/30/2020

Added

12/29/2020

Modified

11/27/2024

Description

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Solution(s)

linuxrpm-upgrade-atomic-enterprise-service-catalog
linuxrpm-upgrade-atomic-openshift
linuxrpm-upgrade-atomic-openshift-cluster-autoscaler
linuxrpm-upgrade-atomic-openshift-descheduler
linuxrpm-upgrade-atomic-openshift-dockerregistry
linuxrpm-upgrade-atomic-openshift-metrics-server
linuxrpm-upgrade-atomic-openshift-node-problem-detector
linuxrpm-upgrade-atomic-openshift-service-idler
linuxrpm-upgrade-atomic-openshift-web-console
linuxrpm-upgrade-cri-o
linuxrpm-upgrade-golang-github-openshift-oauth-proxy
linuxrpm-upgrade-golang-github-prometheus-alertmanager
linuxrpm-upgrade-golang-github-prometheus-node_exporter
linuxrpm-upgrade-golang-github-prometheus-prometheus
linuxrpm-upgrade-jenkins
linuxrpm-upgrade-jenkins-2-plugins
linuxrpm-upgrade-openshift-ansible
linuxrpm-upgrade-openshift-enterprise-autoheal
linuxrpm-upgrade-openshift-enterprise-cluster-capacity
linuxrpm-upgrade-openshift-kuryr

References

https://attackerkb.com/topics/cve-2019-11358
CVE - 2019-11358
RHSA-2019:1456
RHSA-2019:2587
RHSA-2019:3023
RHSA-2019:3024
RHSA-2020:1325
RHSA-2020:2412
RHSA-2020:3936
RHSA-2020:4298
RHSA-2020:4670
RHSA-2020:4847
RHSA-2020:5581

Advanced vulnerability management analytics and reporting.

Key Features

Lightweight Endpoint Agent
Live Dashboards
Real Risk Prioritization
IT-Integrated Remediation Projects
Cloud, Virtual, and Container Assessment
Integrated Threat Feeds
Easy-to-Use RESTful API
Automation-Assisted Patching
Automated Containment

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

VULNERABILITY

Red Hat OpenShift: CVE-2019-11358: jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

Red Hat OpenShift: CVE-2019-11358: jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

Description

Solution(s)

References

Submit your information and we will get in touch with you.

Thank you for contacting us.

We will be in touch shortly.