CVE-2019-11358 (agile_product_lifecycle_management_for_process, application_express, application_service_level_management, application_testing_suite, backdrop, backports_sle, banking_digital_experience, banking_enterprise_collections, banking_platform, bi_publisher, big_data_discovery, business_process_management_suite, cloudforms, communications_analytics, communications_application_session_controller, communications_billing_and_revenue_management, communications_diameter_signaling_router, communications_element_manager, communications_interactive_session_recorder, communications_operations_monitor, communications_session_report_manager, communications_session_route_manager, communications_unified_inventory_management, communications_webrtc_session_controller, debian_linux, diagnostic_assistant, drupal, enterprise_manager_ops_center, enterprise_session_border_controller, fedora, financial_services_analytical_applications_infrastructure, financial_services_analytical_applications_reconciliation_framework, financial_services_asset_liability_management, financial_services_balance_sheet_planning, financial_services_basel_regulatory_capital_basic, financial_services_basel_regulatory_capital_internal_ratings_based_approach, financial_services_data_foundation, financial_services_data_governance_for_us_regulatory_reporting, financial_services_data_integration_hub, financial_services_enterprise_financial_performance_analytics, financial_services_funds_transfer_pricing, financial_services_hedge_management_and_ifrs_valuations, financial_services_institutional_performance_analytics, financial_services_liquidity_risk_management, financial_services_liquidity_risk_measurement_and_management, financial_services_loan_loss_forecasting_and_provisioning, financial_services_market_risk_measurement_and_management, financial_services_price_creation_and_discovery, financial_services_profitability_management, financial_services_regulatory_reporting_for_de_nederlandsche_bank, 
financial_services_regulatory_reporting_for_european_banking_authority, financial_services_regulatory_reporting_for_us_federal_reserve, financial_services_retail_customer_analytics, financial_services_retail_performance_analytics, financial_services_revenue_management_and_billing, fusion_middleware_mapviewer, healthcare_foundation, healthcare_translational_research, hospitality_guest_access, hospitality_materials_control, hospitality_simphony, insurance_accounting_analyzer, insurance_allocation_manager_for_enterprise_profitability, insurance_data_foundation, insurance_ifrs_17_analyzer, insurance_insbridge_rating_and_underwriting, insurance_performance_insight, jd_edwards_enterpriseone_tools, jdeveloper, jdeveloper_and_adf, jquery, knowledge, leap, oncommand_system_manager, peoplesoft_enterprise_peopletools, policy_automation, policy_automation_connector_for_siebel, policy_automation_for_mobile_devices, primavera_gateway, primavera_unifier, real-time_scheduler, rest_data_services, retail_back_office, retail_central_office, retail_customer_insights, retail_customer_management_and_segmentation_foundation, retail_point-of-service, retail_returns_management, service_bus, siebel_mobile_applications, siebel_ui_framework, snapcenter, storagetek_tape_analytics_sw_tool, system_utilities, tape_library_acsls, transportation_management, utilities_mobile_workforce_management, virtualization_manager, webcenter_sites, weblogic_server)

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
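Added example (not part of the advisory and not jQuery's source): a simplified recursive merge showing how an enumerable __proto__ key in parsed JSON reaches Object.prototype, next to a variant that skips the key and a check that reports where the key occurs in input. The names deepMerge, findProtoKeys and demo and the sample input are constructed for this illustration.

```javascript
// Added illustration, not jQuery's source. deepMerge, findProtoKeys and demo
// are hypothetical names; the input below is constructed.

// Recursive merge in the style of a deep extend. With skipProto=false it
// follows every enumerable own key of source, including "__proto__".
function deepMerge(target, source, skipProto) {
  for (const key of Object.keys(source)) {
    if (skipProto && key === "__proto__") continue; // hardened path
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      // For key "__proto__" on a plain target this read returns
      // Object.prototype, so the recursion writes onto the shared prototype.
      const existing = target[key];
      const dest = existing !== null && typeof existing === "object" ? existing : {};
      target[key] = deepMerge(dest, value, skipProto);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Input check: list the paths at which an own "__proto__" key appears.
function findProtoKeys(obj, path = "$") {
  const hits = [];
  for (const key of Object.keys(obj)) {
    if (key === "__proto__") hits.push(path + "." + key);
    const v = obj[key];
    if (v !== null && typeof v === "object") hits.push(...findProtoKeys(v, path + "." + key));
  }
  return hits;
}

function demo() {
  // JSON.parse creates "__proto__" as an ordinary enumerable own property.
  const untrusted = JSON.parse('{"theme":{"color":"blue"},"__proto__":{"polluted":true}}');
  const hits = findProtoKeys(untrusted);
  deepMerge({}, untrusted, false);
  const vulnerable = ({}).polluted === true; // unrelated new object is affected
  delete Object.prototype.polluted;          // restore the shared prototype
  const merged = deepMerge({}, untrusted, true);
  const hardened = ({}).polluted === true;
  return { hits, vulnerable, hardened, color: merged.theme.color };
}

console.log(demo());
```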
