CVE-2019-11358 Report - Details, Severity, & Advisories

Twingate Team

Apr 25, 2024

CVE-2019-11358 is a medium-severity vulnerability affecting jQuery versions before 3.4.0, which are used in Drupal, Backdrop CMS, and other products. The flaw is a prototype pollution issue: it allows Object.prototype to be polluted, potentially impacting a wide range of systems running these vulnerable versions of jQuery. Users and administrators should update their systems to mitigate the risks associated with this vulnerability.

How do I know if I'm affected?

To determine whether you're affected, check whether you're using a jQuery version before 3.4.0 in your Drupal, Backdrop CMS, or other products. The vulnerability, known as "prototype pollution," occurs because jQuery.extend(true, {}, ...) is mishandled, which leads to Object.prototype pollution. Affected versions include Drupal 7.0 to 7.65, 8.5.0 to 8.5.14, and 8.6.0 to 8.6.14; Backdrop CMS 1.11.0 to 1.11.8 and 1.12.0 to 1.12.5; and versions of Debian Linux, Fedora, openSUSE Leap, Joomla, and Junos, among others.
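The deep-merge pattern named above, as an added example (not jQuery's source and not from the original article): `unsafeMerge` and `safeMerge` are constructed stand-ins for a recursive merge, and `pollutesPrototype` with its probe key is a hypothetical check that reports whether a merge function lets a `__proto__` key in parsed JSON reach Object.prototype.

```javascript
// Added example: constructed merge functions, not jQuery's source code.
const isPlainObject = (v) =>
  v !== null && typeof v === "object" && !Array.isArray(v);

// Unsafe pattern: follows every enumerable key, including "__proto__".
// target["__proto__"] resolves to Object.prototype, so the recursion
// writes properties from untrusted input onto the shared prototype.
function unsafeMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened form: own keys only, and keys that reach a prototype are skipped.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hypothetical regression check: true if mergeFn lets parsed JSON reach
// Object.prototype. The probe key is a constructed marker, removed afterwards.
function pollutesPrototype(mergeFn) {
  const probe = "cve_2019_11358_probe";
  const input = JSON.parse(`{"__proto__": {"${probe}": true}, "name": "sample"}`);
  try {
    mergeFn({}, input);
    return ({})[probe] === true;
  } finally {
    delete Object.prototype[probe];
  }
}
```

To test the jQuery build a page actually loads, pass `(t, s) => jQuery.extend(true, t, s)` as the merge function; per the advisory, versions before 3.4.0 are the ones expected to report `true`.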

What should I do if I'm affected?

If you're affected by the vulnerability, it's crucial to update your system. For jQuery, update to version 3.4.0 or later. For Drupal and Backdrop CMS, update to the latest versions. For openSUSE users, install the recommended security updates using YaST online_update or zypper patch. Always keep your software up-to-date to minimize security risks.

Is CVE-2019-11358 in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2019-11358 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability affects jQuery versions before 3.4.0, which are used in Drupal, Backdrop CMS, and other products. The National Vulnerability Database does not provide a specific date when this vulnerability was added, a due date, or a required action. However, it is important to update your systems to mitigate the risks associated with this vulnerability.

Weakness enumeration

This vulnerability is categorized as CWE-1321, Improperly Controlled Modification of Object Prototype Attributes ("Prototype Pollution"). It affects jQuery before 3.4.0, used in various software products.

For more details

CVE-2019-11358 is a significant vulnerability that affects various software products, including jQuery, Drupal, and Backdrop CMS. To better understand the details, severity, and potential impact of this vulnerability, refer to the NVD page and the resources listed below.
