jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles `jQuery.extend(true, {}, ...)` because of `Object.prototype` pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype`.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| jquery (npm) | 1.1.4 | 3.4.0 | N/A |
| jquery-rails (RubyGems) | 0 | 4.3.4 | N/A |
| jQuery (NuGet) | 1.1.4 | 3.4.0 | N/A |
| django (PyPI) | 2.0a1 | 2.1.9 | N/A |
| django (PyPI) | 2.2a1 | 2.2.2 | N/A |
| org.webjars.npm:jquery (Maven) | 1.1.4 | 3.4.0 | N/A |
| maximebf/debugbar (Packagist) | 0 | 1.19.0 | N/A |
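
The merge behaviour described in the summary above, shown as an added example that is not jQuery's source code: a simplified recursive merge that copies an enumerable `__proto__` key, beside a hardened variant that refuses it. The function names, the constructed JSON input, and the extra blocking of `constructor` and `prototype` are assumptions made for this illustration.

```javascript
// Added example: simplified recursive merges, NOT jQuery's own code.
const isObj = (v) => v !== null && typeof v === "object";

// Weak form: copies every enumerable key, including "__proto__".
function deepExtendVulnerable(target, source) {
  for (const key in source) {
    const value = source[key];
    if (isObj(value)) {
      // target["__proto__"] resolves to Object.prototype, so the recursive
      // call writes the source's keys onto the prototype shared by all objects.
      const base = isObj(target[key]) ? target[key] : {};
      target[key] = deepExtendVulnerable(base, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened form: own keys only, and prototype-reaching keys are skipped.
// Blocking "constructor" and "prototype" is an extra precaution added here.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function deepExtendSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isObj(value)) {
      const hasOwn = Object.prototype.hasOwnProperty.call(target, key);
      const base = hasOwn && isObj(target[key]) ? target[key] : {};
      target[key] = deepExtendSafe(base, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs one merge over constructed input and reports whether an unrelated,
// freshly created object picked up the key afterwards.
function demo(mergeFn) {
  // JSON.parse makes "__proto__" an own, enumerable property of the result.
  const untrusted = JSON.parse('{"theme": {"color": "blue"}, "__proto__": {"polluted": true}}');
  const merged = mergeFn({}, untrusted);
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted; // clean up so each run is independent
  return { merged, leaked };
}

console.log("vulnerable merge leaked:", demo(deepExtendVulnerable).leaked);
console.log("hardened merge leaked:", demo(deepExtendSafe).leaked);
```

The same check (merge untrusted JSON, then inspect a fresh `{}`) works as a regression test for any deep-merge helper in an application's own code.
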
CVSS Metrics