MEDIUM Vulnerable Package issue exists @ jquery in branch master
Description
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Vulnerability ID: CVE-2019-11358
Package Name: jquery
Severity: MEDIUM
CVSS Score: 6.1
Publish Date: 2019-04-20T00:29:00
Current Package Version: 1.11.0
Remediation Upgrade Recommendation: 3.5.0