Summary:
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Severity: Low
Advisory ID: KylinSec-SA-2022-1321
Release date: November 18, 2022
Related CVE: CVE-2019-11358
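The `jQuery.extend(true, {}, ...)` behaviour described in the summary can be reproduced with a minimal recursive merge. This is an added example, not jQuery's source code and not part of the original advisory: `deepMerge`, `demo`, `hasProtoKey` and the `pollutedExample` key are hypothetical names, and the `skipProto` flag models the jQuery 3.4.0 fix of ignoring the `__proto__` key.

```javascript
"use strict";

// Added illustration: a minimal recursive merge, NOT jQuery's own code.
// skipProto === true models the 3.4.0 fix (ignore the "__proto__" key).
function deepMerge(target, source, skipProto) {
  for (const name in source) {
    if (skipProto && name === "__proto__") continue;
    const copy = source[name];
    if (copy !== null && typeof copy === "object" && !Array.isArray(copy)) {
      // Reading target["__proto__"] on a plain object goes through the
      // accessor and yields Object.prototype, so the recursive call below
      // writes into the prototype shared by every object.
      const existing = target[name];
      const clone =
        existing !== null && typeof existing === "object" ? existing : {};
      target[name] = deepMerge(clone, copy, skipProto);
    } else if (copy !== undefined) {
      target[name] = copy;
    }
  }
  return target;
}

// Runs one merge over constructed input and reports whether an unrelated,
// freshly created object picked up the injected property.
function demo(skipProto) {
  // Constructed sample: JSON.parse creates "__proto__" as an own,
  // enumerable property, which is the precondition the advisory names.
  const untrusted = JSON.parse(
    '{"theme":{"color":"blue"},"__proto__":{"pollutedExample":true}}'
  );
  const merged = deepMerge({}, untrusted, skipProto);
  const leaked = ({}).pollutedExample === true;
  delete Object.prototype.pollutedExample; // restore global state
  return { leaked, color: merged.theme.color };
}

// Input check for code that must keep calling an unpatched merge:
// reject any object tree that carries an own "__proto__" key.
function hasProtoKey(value) {
  if (value === null || typeof value !== "object") return false;
  return Object.keys(value).some(
    (key) => key === "__proto__" || hasProtoKey(value[key])
  );
}

console.log("unpatched merge:", demo(false));
console.log("patched merge:  ", demo(true));
```
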
CVE Name | Product | Component | Affected |
---|---|---|---|
CVE-2019-11358 | KY3.4-4A | exiv2 | Unaffected |
CVE-2019-11358 | KY3.4-5 | exiv2 | Unaffected |
CVE-2019-11358 | KY3.5.1 | exiv2 | Unaffected |