Main Vulnerability Database Vulnerabilities #VU18092

Prototype pollution in jQuery - CVE-2019-11358

Published: March 28, 2019 / Updated: March 6, 2024

Vulnerability identifier: #VU18092

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2019-11358

CWE-ID: CWE-1321

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: The jQuery Team

Affected software:
jQuery

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary JavaScript code.

The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.

How to mitigate CVE-2019-11358

Update to version 3.4.0.

Sources

https://github.com/jquery/jquery/pull/4333
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
https://snyk.io/vuln/SNYK-JS-JQUERY-174006

Prototype pollution in jQuery - CVE-2019-11358

Detailed vulnerability description

How to mitigate CVE-2019-11358

Sources

Please verify you're human