ADVISORIES

• CVE-2019-11358 (NVD)
• GHSA-6c3j-c64m-qhgq
• Vendor Advisory

GEM

jquery-rails

FRAMEWORK

Ruby on Rails

SEVERITY

CVSS v3.x: 6.1 (Medium)

CVSS v2.0: 4.3 (Medium)

PATCHED VERSIONS

• >= 4.3.4

DESCRIPTION

jQuery before 3.4.0 mishandles jQuery.extend(true, {}, …) because of bject.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

RELATED

• https://hackerone.com/reports/454365
• https://github.com/jquery/jquery/pull/4333
• https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
• https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434