jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
PatchThird Party Advisory
PatchThird Party Advisory
PatchThird Party Advisory
PatchThird Party Advisory
Release NotesVendor Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListPatchThird Party Advisory
Third Party AdvisoryVDB Entry
Mailing ListPatchThird Party Advisory
Mailing ListPatchThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListPatchThird Party Advisory
Third Party AdvisoryVDB Entry
Issue TrackingMailing ListThird Party Advisory
PatchThird Party Advisory
PatchThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
PatchThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Third Party AdvisoryVDB Entry
PatchThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
PatchThird Party Advisory
PatchThird Party Advisory
PatchThird Party Advisory
PatchThird Party Advisory
PatchThird Party Advisory
PatchThird Party Advisory
PatchThird Party Advisory