1 jquery vulnerability found in yarn.lock 10 hours ago
Remediation
Upgrade jquery to version 3.4.0 or later. For example:
jquery@^3.4.0:
version "3.4.0"
Always verify the validity and compatibility of suggestions with your codebase.
Details
CVE-2019-11358 More information
moderate severity
Vulnerable versions: < 3.4.0
Patched version: 3.4.0
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
pdrf
commented
5 years ago