CVE-2019-11358 - Vulnerability Details

- jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

Description

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Published: 2019-04-19

Score: 6.1 Medium

EPSS: 2.4% Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::

Configuration 4 [-]

OR	cpe:2.3:a:backdropcms:backdrop::::::::
	cpe:2.3:a:backdropcms:backdrop::::::::

Configuration 5 [-]

OR	cpe:2.3:o:fedoraproject:fedora:28:::::::*
	cpe:2.3:o:fedoraproject:fedora:29:::::::*
	cpe:2.3:o:fedoraproject:fedora:30:::::::*

Configuration 6 [-]

OR	cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
	cpe:2.3:o:opensuse:leap:15.1:::::::*

Configuration 7 [-]

OR	cpe:2.3:a:netapp:oncommand_system_manager::::::::
	cpe:2.3:a:netapp:snapcenter:-:::::::*

Configuration 8 [-]

OR	cpe:2.3:a:redhat:cloudforms:4.7:::::::*
	cpe:2.3:a:redhat:virtualization_manager:4.3:::::::*

Configuration 9 [-]

OR	cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:::::::*
	cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:::::::*
	cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:::::::*
	cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:::::::*
	cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:::::::*
	cpe:2.3:a:oracle:application_express::::::::
	cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:::::::*
	cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:::::::*
	cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.2:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.3:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.2:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.3:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:19.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:19.2:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:20.1:::::::*
	cpe:2.3:a:oracle:banking_enterprise_collections::::::::
	cpe:2.3:a:oracle:banking_platform::::::::
	cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:::::::*
	cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:big_data_discovery:1.6:::::::*
	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:communications_analytics:12.1.1:::::::*
	cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:::::::*
	cpe:2.3:a:oracle:communications_eagle_application_processor::::::::
	cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*
	cpe:2.3:a:oracle:communications_interactive_session_recorder::::::::
	cpe:2.3:a:oracle:communications_operations_monitor::::::::
	cpe:2.3:a:oracle:communications_operations_monitor:3.4:::::::*
	cpe:2.3:a:oracle:communications_operations_monitor:4.0:::::::*
	cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:::::::*
	cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:::::::*
	cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:::::::*
	cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework::::::::
cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_asset_liability_management::::::::
cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:::::::*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic::::::::
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach::::::::
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_data_foundation::::::::
cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting::::::::
cpe:2.3:a:oracle:financial_services_data_integration_hub::::::::
cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:::::::*
cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:::::::*
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing::::::::
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations::::::::
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics::::::::
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning::::::::
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:::::::*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:::::::*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:::::::*
cpe:2.3:a:oracle:financial_services_price_creation_and_discovery::::::::
cpe:2.3:a:oracle:financial_services_profitability_management::::::::
cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:::::::*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:::::::*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:::::::*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve::::::::
cpe:2.3:a:oracle:financial_services_retail_customer_analytics::::::::
cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:::::::*
cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:::::::*
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:::::::*
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:::::::*
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:healthcare_foundation:7.1.1:::::::*
cpe:2.3:a:oracle:healthcare_foundation:7.2.0:::::::*
cpe:2.3:a:oracle:healthcare_foundation:7.2.2:::::::*
cpe:2.3:a:oracle:healthcare_foundation:7.3.0:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:::::::*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
cpe:2.3:a:oracle:hospitality_materials_control:18.1:::::::*
cpe:2.3:a:oracle:hospitality_simphony::::::::
cpe:2.3:a:oracle:hospitality_simphony:18.1:::::::*
cpe:2.3:a:oracle:hospitality_simphony:18.2:::::::*
cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:::::::*
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:::::::*
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:::::::*
cpe:2.3:a:oracle:insurance_data_foundation::::::::
cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:::::::*
cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:::::::*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting::::::::
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:::::::*
cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:::::::*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:::::::*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:::::::*
cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:knowledge::::::::
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:policy_automation::::::::
cpe:2.3:a:oracle:policy_automation:10.4.7:::::::*
cpe:2.3:a:oracle:policy_automation:12.1.0:::::::*
cpe:2.3:a:oracle:policy_automation:12.1.1:::::::*
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices::::::::
cpe:2.3:a:oracle:primavera_gateway::::::::
cpe:2.3:a:oracle:primavera_gateway::::::::
cpe:2.3:a:oracle:primavera_gateway::::::::
cpe:2.3:a:oracle:primavera_gateway::::::::
cpe:2.3:a:oracle:primavera_gateway:15.2.18:::::::*
cpe:2.3:a:oracle:primavera_unifier::::::::
cpe:2.3:a:oracle:primavera_unifier:16.1:::::::*
cpe:2.3:a:oracle:primavera_unifier:16.2:::::::*
cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
cpe:2.3:a:oracle:real-time_scheduler::::::::
cpe:2.3:a:oracle:rest_data_services:11.2.0.4::::-:::
cpe:2.3:a:oracle:rest_data_services:12.1.0.2::::-:::
cpe:2.3:a:oracle:rest_data_services:12.2.0.1::::-:::
cpe:2.3:a:oracle:rest_data_services:18c::::-:::
cpe:2.3:a:oracle:rest_data_services:19c::::-:::
cpe:2.3:a:oracle:retail_back_office:14.0:::::::*
cpe:2.3:a:oracle:retail_back_office:14.1:::::::*
cpe:2.3:a:oracle:retail_central_office:14.0:::::::*
cpe:2.3:a:oracle:retail_central_office:14.1:::::::*
cpe:2.3:a:oracle:retail_customer_insights:15.0:::::::*
cpe:2.3:a:oracle:retail_customer_insights:16.0:::::::*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:::::::*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:::::::*
cpe:2.3:a:oracle:retail_point-of-service:14.0:::::::*
cpe:2.3:a:oracle:retail_point-of-service:14.1:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.1:::::::*
cpe:2.3:a:oracle:service_bus:11.1.1.9.0:::::::*
cpe:2.3:a:oracle:service_bus:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:service_bus:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:siebel_mobile_applications::::::::
cpe:2.3:a:oracle:siebel_ui_framework:20.8:::::::*
cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:::::::*
cpe:2.3:a:oracle:system_utilities:19.1:::::::*
cpe:2.3:a:oracle:tape_library_acsls:8.5:::::::*
cpe:2.3:a:oracle:tape_library_acsls:8.5.1:::::::*
cpe:2.3:a:oracle:transportation_management:1.4.3:::::::*
cpe:2.3:a:oracle:utilities_mobile_workforce_management::::::::
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

Configuration 10 [-]

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Configuration 11 [-]

cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
CloudForms Management Engine 5.10
ansible-tower-0:3.5.2-1.el7at	cpe:/a:redhat:cloudforms_managementengine:5.10::el7	RHSA-2019:2587	2019-09-05T00:00:00Z
cfme-0:5.10.9.1-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.10::el7	RHSA-2019:2587	2019-09-05T00:00:00Z
cfme-amazon-smartstate-0:5.10.9.1-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.10::el7	RHSA-2019:2587	2019-09-05T00:00:00Z
cfme-appliance-0:5.10.9.1-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.10::el7	RHSA-2019:2587	2019-09-05T00:00:00Z
cfme-gemset-0:5.10.9.1-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.10::el7	RHSA-2019:2587	2019-09-05T00:00:00Z
ovirt-ansible-hosted-engine-setup-0:1.0.23-1.el7ev	cpe:/a:redhat:cloudforms_managementengine:5.10::el7	RHSA-2019:2587	2019-09-05T00:00:00Z
ovirt-ansible-roles-0:1.1.7-1.el7ev	cpe:/a:redhat:cloudforms_managementengine:5.10::el7	RHSA-2019:2587	2019-09-05T00:00:00Z
ovirt-ansible-vm-infra-0:1.1.19-1.el7ev	cpe:/a:redhat:cloudforms_managementengine:5.10::el7	RHSA-2019:2587	2019-09-05T00:00:00Z
v2v-conversion-host-0:1.14.2-1.el7ev	cpe:/a:redhat:cloudforms_managementengine:5.10::el7	RHSA-2019:2587	2019-09-05T00:00:00Z
Red Hat Enterprise Linux 7
ipa-0:4.6.8-5.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:3936	2020-09-29T00:00:00Z
pcs-0:0.9.169-3.el7_9.3	cpe:/o:redhat:enterprise_linux:7	RHSA-2022:7343	2022-11-02T00:00:00Z
Red Hat Enterprise Linux 8
idm:client-8030020200923172426.05ac3f11	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4670	2020-11-04T00:00:00Z
idm:DL1-8030020200923172343.9c827e52	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4670	2020-11-04T00:00:00Z
pki-core:10.6-8030020200911215836.5ff1562f	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4847	2020-11-04T00:00:00Z
pki-deps:10.6-8030020200527165326.30b713e6	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4847	2020-11-04T00:00:00Z
pcs-0:0.10.10-4.el8	cpe:/a:redhat:enterprise_linux:8::highavailability	RHSA-2021:4142	2021-11-09T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7
jquery	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2023:0556	2023-01-31T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:0553	2023-01-31T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:0554	2023-01-31T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:0552	2023-01-31T00:00:00Z
Red Hat OpenShift Container Platform 3.11
atomic-enterprise-service-catalog-1:3.11.170-1.git.1.91db82e.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
atomic-openshift-0:3.11.170-1.git.0.00cac56.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
atomic-openshift-cluster-autoscaler-0:3.11.170-1.git.1.0a0df6a.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
atomic-openshift-descheduler-0:3.11.170-1.git.1.9ad83f2.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
atomic-openshift-dockerregistry-0:3.11.170-1.git.1.55fab05.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
atomic-openshift-metrics-server-0:3.11.170-1.git.1.357f177.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
atomic-openshift-node-problem-detector-0:3.11.170-1.git.1.b1f90a6.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
atomic-openshift-service-idler-0:3.11.170-1.git.1.8328979.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
atomic-openshift-web-console-0:3.11.170-1.git.1.3d64e8b.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
cri-o-0:1.11.16-0.5.dev.rhaos3.11.git3f89eba.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
golang-github-openshift-oauth-proxy-0:3.11.170-1.git.1.b49be83.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
golang-github-prometheus-alertmanager-0:3.11.170-1.git.1.61d7960.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
golang-github-prometheus-node_exporter-0:3.11.170-1.git.1.51473b7.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
golang-github-prometheus-prometheus-0:3.11.170-1.git.1.227bc98.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
jenkins-0:2.204.2.1580891656-1.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
jenkins-2-plugins-0:3.11.1579107288-1.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
openshift-ansible-0:3.11.170-2.git.5.8802564.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
openshift-enterprise-autoheal-0:3.11.170-1.git.1.dfe6c52.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
openshift-enterprise-cluster-capacity-0:3.11.170-1.git.1.661684b.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
openshift-kuryr-0:3.11.170-1.git.1.7265da1.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
Red Hat OpenShift Container Platform 4.5
openshift4/ose-console:v4.5.0-202007012112.p0	cpe:/a:redhat:openshift:4.5::el7	RHSA-2020:2412	2020-07-13T00:00:00Z
Red Hat OpenShift Container Platform 4.6
openshift4/ose-prometheus:v4.6.0-202009290409.p0	cpe:/a:redhat:openshift:4.6::el8	RHSA-2020:4298	2020-10-27T00:00:00Z
Red Hat OpenStack Platform 13.0 (Queens)
python-XStatic-jQuery-0:2.2.4.1-3.el7ost	cpe:/a:redhat:openstack:13::el7	RHSA-2020:5581	2020-12-16T00:00:00Z
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS
python-XStatic-jQuery-0:2.2.4.1-3.el7ost	cpe:/a:redhat:openstack:13::el7	RHSA-2020:5581	2020-12-16T00:00:00Z
Red Hat OpenStack Platform 15.0 (Stein)
python-XStatic-jQuery-0:3.4.1.0-1.el8ost	cpe:/a:redhat:openstack:15::el8	RHSA-2020:1325	2020-04-06T00:00:00Z
Red Hat Single Sign-On 7
keycloak-idp-jquery	cpe:/a:redhat:red_hat_single_sign_on:7.6	RHSA-2023:1049	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.3.2 zip
	cpe:/a:redhat:jboss_single_sign_on:7.3	RHSA-2019:1456	2019-06-11T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 7
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7	RHSA-2023:1043	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 8
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8	RHSA-2023:1044	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 9
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2023:1045	2023-03-01T00:00:00Z
Red Hat Virtualization Engine 4.3
ovirt-engine-api-explorer-0:0.0.5-1.el7ev	cpe:/a:redhat:rhev_manager:4.3	RHBA-2019:1570	2019-06-20T00:00:00Z
ovirt-engine-ui-extensions-0:1.0.10-1.el7ev	cpe:/a:redhat:rhev_manager:4.3	RHSA-2019:3023	2019-10-10T00:00:00Z
ovirt-web-ui-0:1.6.0-1.el7ev	cpe:/a:redhat:rhev_manager:4.3	RHSA-2019:3024	2019-10-10T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso76-openshift-rhel8:7.6-20	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2023:1047	2023-03-01T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-1777-1	jquery security update
Debian DLA	DLA-1797-1	drupal7 security update
Debian DLA	DLA-2118-1	otrs2 security update
Debian DLA	DLA-3551-1	otrs2 security update
Debian DSA	DSA-4434-1	drupal7 security update
Debian DSA	DSA-4460-1	mediawiki security update
Github GHSA	GHSA-6c3j-c64m-qhgq	XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Ubuntu USN	USN-7622-1	jQuery vulnerabilities

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.02362.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
http://seclists.org/fulldisclosure/2019/May/10
http://seclists.org/fulldisclosure/2019/May/11
http://seclists.org/fulldisclosure/2019/May/13
http://www.openwall.com/lists/oss-security/2019/06/03/2
http://www.securityfocus.com/bid/108023
https://access.redhat.com/errata/RHBA-2019:1570
https://access.redhat.com/errata/RHSA-2019:1456
https://access.redhat.com/errata/RHSA-2019:2587
https://access.redhat.com/errata/RHSA-2019:3023
https://access.redhat.com/errata/RHSA-2019:3024
https://backdropcms.org/security/backdrop-sa-core-2019-009
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
https://github.com/jquery/jquery/pull/4333
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E
https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E
https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/
https://nvd.nist.gov/vuln/detail/CVE-2019-11358
https://seclists.org/bugtraq/2019/Apr/32
https://seclists.org/bugtraq/2019/Jun/12
https://seclists.org/bugtraq/2019/May/18
https://security.netapp.com/advisory/ntap-20190919-0001/
https://snyk.io/vuln/SNYK-JS-JQUERY-174006
https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1
https://www.cve.org/CVERecord?id=CVE-2019-11358
https://www.debian.org/security/2019/dsa-4434
https://www.debian.org/security/2019/dsa-4460
https://www.drupal.org/sa-core-2019-006
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/
https://www.synology.com/security/advisory/Synology_SA_19_19
https://www.tenable.com/security/tns-2019-08
https://www.tenable.com/security/tns-2020-02

History

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.02394}`	epss `{'score': 0.02777}`

Fri, 15 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Backdropcms Backdrop

Debian Debian Linux

Drupal Drupal

Fedoraproject Fedora

Joomla Joomla\!

Jquery Jquery

Juniper Junos

Netapp Oncommand System Manager Snapcenter

Opensuse Backports Sle Leap

Oracle Agile Product Lifecycle Management For Process Application Express Application Service Level Management Application Testing Suite Banking Digital Experience Banking Enterprise Collections Banking Platform Bi Publisher Big Data Discovery Business Process Management Suite Communications Analytics Communications Application Session Controller Communications Billing And Revenue Management Communications Diameter Signaling Router Communications Eagle Application Processor Communications Element Manager Communications Interactive Session Recorder Communications Operations Monitor Communications Services Gatekeeper Communications Session Report Manager Communications Session Route Manager Communications Unified Inventory Management Communications Webrtc Session Controller Diagnostic Assistant Enterprise Manager Ops Center Enterprise Session Border Controller Financial Services Analytical Applications Infrastructure Financial Services Analytical Applications Reconciliation Framework Financial Services Asset Liability Management Financial Services Balance Sheet Planning Financial Services Basel Regulatory Capital Basic Financial Services Basel Regulatory Capital Internal Ratings Based Approach Financial Services Data Foundation Financial Services Data Governance For Us Regulatory Reporting Financial Services Data Integration Hub Financial Services Enterprise Financial Performance Analytics Financial Services Funds Transfer Pricing Financial Services Hedge Management And Ifrs Valuations Financial Services Institutional Performance Analytics Financial Services Liquidity Risk Management Financial Services Liquidity Risk Measurement And Management Financial Services Loan Loss Forecasting And Provisioning Financial Services Market Risk Measurement And Management Financial Services Price Creation And Discovery Financial Services Profitability Management Financial Services Regulatory Reporting For De Nederlandsche Bank Financial Services Regulatory Reporting For European Banking Authority Financial Services Regulatory Reporting For Us Federal Reserve Financial Services Retail Customer Analytics Financial Services Retail Performance Analytics Financial Services Revenue Management And Billing Fusion Middleware Mapviewer Healthcare Foundation Healthcare Translational Research Hospitality Guest Access Hospitality Materials Control Hospitality Simphony Identity Manager Insurance Accounting Analyzer Insurance Allocation Manager For Enterprise Profitability Insurance Data Foundation Insurance Ifrs 17 Analyzer Insurance Insbridge Rating And Underwriting Insurance Performance Insight Jd Edwards Enterpriseone Tools Jdeveloper Jdeveloper And Adf Knowledge Peoplesoft Enterprise Peopletools Policy Automation Policy Automation Connector For Siebel Policy Automation For Mobile Devices Primavera Gateway Primavera Unifier Real-time Scheduler Rest Data Services Retail Back Office Retail Central Office Retail Customer Insights Retail Customer Management And Segmentation Foundation Retail Point-of-service Retail Returns Management Service Bus Siebel Mobile Applications Siebel Ui Framework Storagetek Tape Analytics Sw Tool System Utilities Tape Library Acsls Transportation Management Utilities Mobile Workforce Management Webcenter Sites Weblogic Server

Redhat Cloudforms Cloudforms Managementengine Enterprise Linux Jboss Enterprise Application Platform Jboss Single Sign On Openshift Openstack Red Hat Single Sign On Rhev Manager Rhosemc Virtualization Manager

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-04-19T00:00:00.000Z

Updated: 2024-11-15T15:11:23.024Z

Reserved: 2019-04-19T00:00:00.000Z

Link: CVE-2019-11358

Vulnrichment

Updated: 2024-08-04T22:48:09.199Z

NVD

Status : Modified

Published: 2019-04-20T00:29:00.247

Modified: 2024-11-21T04:20:56.320

Link: CVE-2019-11358

Redhat

Severity : Moderate

Publid Date: 2019-03-27T00:00:00Z

Links: CVE-2019-11358 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object