CVE-2019-11358 - Vulnerability Details

CVE-2019-11358 - jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00838.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::

Configuration 4 [-]

OR	cpe:2.3:a:backdropcms:backdrop::::::::
	cpe:2.3:a:backdropcms:backdrop::::::::

Configuration 5 [-]

OR	cpe:2.3:o:fedoraproject:fedora:28:::::::*
	cpe:2.3:o:fedoraproject:fedora:29:::::::*
	cpe:2.3:o:fedoraproject:fedora:30:::::::*

Configuration 6 [-]

OR	cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
	cpe:2.3:o:opensuse:leap:15.1:::::::*

Configuration 7 [-]

OR	cpe:2.3:a:netapp:oncommand_system_manager::::::::
	cpe:2.3:a:netapp:snapcenter:-:::::::*

Configuration 8 [-]

OR	cpe:2.3:a:redhat:cloudforms:4.7:::::::*
	cpe:2.3:a:redhat:virtualization_manager:4.3:::::::*

Configuration 9 [-]

OR	cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:::::::*
	cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:::::::*
	cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:::::::*
	cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:::::::*
	cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:::::::*
	cpe:2.3:a:oracle:application_express::::::::
	cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:::::::*
	cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:::::::*
	cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.2:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.3:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.2:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.3:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:19.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:19.2:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:20.1:::::::*
	cpe:2.3:a:oracle:banking_enterprise_collections::::::::
	cpe:2.3:a:oracle:banking_platform::::::::
	cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:::::::*
	cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:big_data_discovery:1.6:::::::*
	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:communications_analytics:12.1.1:::::::*
	cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:::::::*
	cpe:2.3:a:oracle:communications_eagle_application_processor::::::::
	cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*
	cpe:2.3:a:oracle:communications_interactive_session_recorder::::::::
	cpe:2.3:a:oracle:communications_operations_monitor::::::::
	cpe:2.3:a:oracle:communications_operations_monitor:3.4:::::::*
	cpe:2.3:a:oracle:communications_operations_monitor:4.0:::::::*
	cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:::::::*
	cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:::::::*
	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:::::::*
	cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:::::::*
	cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework::::::::
cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_asset_liability_management::::::::
cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:::::::*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic::::::::
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach::::::::
cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_data_foundation::::::::
cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting::::::::
cpe:2.3:a:oracle:financial_services_data_integration_hub::::::::
cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:::::::*
cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:::::::*
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing::::::::
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations::::::::
cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics::::::::
cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:::::::*
cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning::::::::
cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:::::::*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:::::::*
cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:::::::*
cpe:2.3:a:oracle:financial_services_price_creation_and_discovery::::::::
cpe:2.3:a:oracle:financial_services_profitability_management::::::::
cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:::::::*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:::::::*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:::::::*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:::::::*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve::::::::
cpe:2.3:a:oracle:financial_services_retail_customer_analytics::::::::
cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:::::::*
cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:::::::*
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:::::::*
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:::::::*
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:healthcare_foundation:7.1.1:::::::*
cpe:2.3:a:oracle:healthcare_foundation:7.2.0:::::::*
cpe:2.3:a:oracle:healthcare_foundation:7.2.2:::::::*
cpe:2.3:a:oracle:healthcare_foundation:7.3.0:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:::::::*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
cpe:2.3:a:oracle:hospitality_materials_control:18.1:::::::*
cpe:2.3:a:oracle:hospitality_simphony::::::::
cpe:2.3:a:oracle:hospitality_simphony:18.1:::::::*
cpe:2.3:a:oracle:hospitality_simphony:18.2:::::::*
cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:::::::*
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:::::::*
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:::::::*
cpe:2.3:a:oracle:insurance_data_foundation::::::::
cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:::::::*
cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:::::::*
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting::::::::
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:::::::*
cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:::::::*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:::::::*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:::::::*
cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:knowledge::::::::
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:policy_automation::::::::
cpe:2.3:a:oracle:policy_automation:10.4.7:::::::*
cpe:2.3:a:oracle:policy_automation:12.1.0:::::::*
cpe:2.3:a:oracle:policy_automation:12.1.1:::::::*
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices::::::::
cpe:2.3:a:oracle:primavera_gateway::::::::
cpe:2.3:a:oracle:primavera_gateway::::::::
cpe:2.3:a:oracle:primavera_gateway::::::::
cpe:2.3:a:oracle:primavera_gateway::::::::
cpe:2.3:a:oracle:primavera_gateway:15.2.18:::::::*
cpe:2.3:a:oracle:primavera_unifier::::::::
cpe:2.3:a:oracle:primavera_unifier:16.1:::::::*
cpe:2.3:a:oracle:primavera_unifier:16.2:::::::*
cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
cpe:2.3:a:oracle:real-time_scheduler::::::::
cpe:2.3:a:oracle:rest_data_services:11.2.0.4::::-:::
cpe:2.3:a:oracle:rest_data_services:12.1.0.2::::-:::
cpe:2.3:a:oracle:rest_data_services:12.2.0.1::::-:::
cpe:2.3:a:oracle:rest_data_services:18c::::-:::
cpe:2.3:a:oracle:rest_data_services:19c::::-:::
cpe:2.3:a:oracle:retail_back_office:14.0:::::::*
cpe:2.3:a:oracle:retail_back_office:14.1:::::::*
cpe:2.3:a:oracle:retail_central_office:14.0:::::::*
cpe:2.3:a:oracle:retail_central_office:14.1:::::::*
cpe:2.3:a:oracle:retail_customer_insights:15.0:::::::*
cpe:2.3:a:oracle:retail_customer_insights:16.0:::::::*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:::::::*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:::::::*
cpe:2.3:a:oracle:retail_point-of-service:14.0:::::::*
cpe:2.3:a:oracle:retail_point-of-service:14.1:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.1:::::::*
cpe:2.3:a:oracle:service_bus:11.1.1.9.0:::::::*
cpe:2.3:a:oracle:service_bus:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:service_bus:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:siebel_mobile_applications::::::::
cpe:2.3:a:oracle:siebel_ui_framework:20.8:::::::*
cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:::::::*
cpe:2.3:a:oracle:system_utilities:19.1:::::::*
cpe:2.3:a:oracle:tape_library_acsls:8.5:::::::*
cpe:2.3:a:oracle:tape_library_acsls:8.5.1:::::::*
cpe:2.3:a:oracle:transportation_management:1.4.3:::::::*
cpe:2.3:a:oracle:utilities_mobile_workforce_management::::::::
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

Configuration 10 [-]

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Configuration 11 [-]

cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
CloudForms Management Engine 5.10
ansible-tower-0:3.5.2-1.el7at	cpe:/a:redhat:cloudforms_managementengine:5.10::el7	RHSA-2019:2587	2019-09-05T00:00:00Z
cfme-0:5.10.9.1-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.10::el7	RHSA-2019:2587	2019-09-05T00:00:00Z
cfme-amazon-smartstate-0:5.10.9.1-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.10::el7	RHSA-2019:2587	2019-09-05T00:00:00Z
cfme-appliance-0:5.10.9.1-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.10::el7	RHSA-2019:2587	2019-09-05T00:00:00Z
cfme-gemset-0:5.10.9.1-1.el7cf	cpe:/a:redhat:cloudforms_managementengine:5.10::el7	RHSA-2019:2587	2019-09-05T00:00:00Z
ovirt-ansible-hosted-engine-setup-0:1.0.23-1.el7ev	cpe:/a:redhat:cloudforms_managementengine:5.10::el7	RHSA-2019:2587	2019-09-05T00:00:00Z
ovirt-ansible-roles-0:1.1.7-1.el7ev	cpe:/a:redhat:cloudforms_managementengine:5.10::el7	RHSA-2019:2587	2019-09-05T00:00:00Z
ovirt-ansible-vm-infra-0:1.1.19-1.el7ev	cpe:/a:redhat:cloudforms_managementengine:5.10::el7	RHSA-2019:2587	2019-09-05T00:00:00Z
v2v-conversion-host-0:1.14.2-1.el7ev	cpe:/a:redhat:cloudforms_managementengine:5.10::el7	RHSA-2019:2587	2019-09-05T00:00:00Z
Red Hat Enterprise Linux 7
ipa-0:4.6.8-5.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:3936	2020-09-29T00:00:00Z
pcs-0:0.9.169-3.el7_9.3	cpe:/o:redhat:enterprise_linux:7	RHSA-2022:7343	2022-11-02T00:00:00Z
Red Hat Enterprise Linux 8
idm:client-8030020200923172426.05ac3f11	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4670	2020-11-04T00:00:00Z
idm:DL1-8030020200923172343.9c827e52	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4670	2020-11-04T00:00:00Z
pki-core:10.6-8030020200911215836.5ff1562f	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4847	2020-11-04T00:00:00Z
pki-deps:10.6-8030020200527165326.30b713e6	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4847	2020-11-04T00:00:00Z
pcs-0:0.10.10-4.el8	cpe:/a:redhat:enterprise_linux:8::highavailability	RHSA-2021:4142	2021-11-09T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7
jquery	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2023:0556	2023-01-31T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:0553	2023-01-31T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:0554	2023-01-31T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:0552	2023-01-31T00:00:00Z
Red Hat OpenShift Container Platform 3.11
atomic-enterprise-service-catalog-1:3.11.170-1.git.1.91db82e.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
atomic-openshift-0:3.11.170-1.git.0.00cac56.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
atomic-openshift-cluster-autoscaler-0:3.11.170-1.git.1.0a0df6a.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
atomic-openshift-descheduler-0:3.11.170-1.git.1.9ad83f2.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
atomic-openshift-dockerregistry-0:3.11.170-1.git.1.55fab05.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
atomic-openshift-metrics-server-0:3.11.170-1.git.1.357f177.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
atomic-openshift-node-problem-detector-0:3.11.170-1.git.1.b1f90a6.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
atomic-openshift-service-idler-0:3.11.170-1.git.1.8328979.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
atomic-openshift-web-console-0:3.11.170-1.git.1.3d64e8b.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
cri-o-0:1.11.16-0.5.dev.rhaos3.11.git3f89eba.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
golang-github-openshift-oauth-proxy-0:3.11.170-1.git.1.b49be83.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
golang-github-prometheus-alertmanager-0:3.11.170-1.git.1.61d7960.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
golang-github-prometheus-node_exporter-0:3.11.170-1.git.1.51473b7.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
golang-github-prometheus-prometheus-0:3.11.170-1.git.1.227bc98.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
jenkins-0:2.204.2.1580891656-1.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
jenkins-2-plugins-0:3.11.1579107288-1.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
openshift-ansible-0:3.11.170-2.git.5.8802564.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
openshift-enterprise-autoheal-0:3.11.170-1.git.1.dfe6c52.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
openshift-enterprise-cluster-capacity-0:3.11.170-1.git.1.661684b.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
openshift-kuryr-0:3.11.170-1.git.1.7265da1.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:0402	2020-02-19T00:00:00Z
Red Hat OpenShift Container Platform 4.5
openshift4/ose-console:v4.5.0-202007012112.p0	cpe:/a:redhat:openshift:4.5::el7	RHSA-2020:2412	2020-07-13T00:00:00Z
Red Hat OpenShift Container Platform 4.6
openshift4/ose-prometheus:v4.6.0-202009290409.p0	cpe:/a:redhat:openshift:4.6::el8	RHSA-2020:4298	2020-10-27T00:00:00Z
Red Hat OpenStack Platform 13.0 (Queens)
python-XStatic-jQuery-0:2.2.4.1-3.el7ost	cpe:/a:redhat:openstack:13::el7	RHSA-2020:5581	2020-12-16T00:00:00Z
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS
python-XStatic-jQuery-0:2.2.4.1-3.el7ost	cpe:/a:redhat:openstack:13::el7	RHSA-2020:5581	2020-12-16T00:00:00Z
Red Hat OpenStack Platform 15.0 (Stein)
python-XStatic-jQuery-0:3.4.1.0-1.el8ost	cpe:/a:redhat:openstack:15::el8	RHSA-2020:1325	2020-04-06T00:00:00Z
Red Hat Single Sign-On 7
keycloak-idp-jquery	cpe:/a:redhat:red_hat_single_sign_on:7.6	RHSA-2023:1049	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.3.2 zip
	cpe:/a:redhat:jboss_single_sign_on:7.3	RHSA-2019:1456	2019-06-11T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 7
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7	RHSA-2023:1043	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 8
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8	RHSA-2023:1044	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 9
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2023:1045	2023-03-01T00:00:00Z
Red Hat Virtualization Engine 4.3
ovirt-engine-api-explorer-0:0.0.5-1.el7ev	cpe:/a:redhat:rhev_manager:4.3	RHBA-2019:1570	2019-06-20T00:00:00Z
ovirt-engine-ui-extensions-0:1.0.10-1.el7ev	cpe:/a:redhat:rhev_manager:4.3	RHSA-2019:3023	2019-10-10T00:00:00Z
ovirt-web-ui-0:1.6.0-1.el7ev	cpe:/a:redhat:rhev_manager:4.3	RHSA-2019:3024	2019-10-10T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso76-openshift-rhel8:7.6-20	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2023:1047	2023-03-01T00:00:00Z

No data.

Project Subscriptions

Vendors	Products
Backdropcms Subscribe	Backdrop Subscribe
Debian Subscribe	Debian Linux Subscribe
Drupal Subscribe	Drupal Subscribe
Fedoraproject Subscribe	Fedora Subscribe
Joomla Subscribe	Joomla\! Subscribe
Jquery Subscribe	Jquery Subscribe
Juniper Subscribe	Junos Subscribe
Netapp Subscribe	Oncommand System Manager Subscribe Snapcenter Subscribe
Opensuse Subscribe	Backports Sle Subscribe Leap Subscribe
Oracle Subscribe	Agile Product Lifecycle Management For Process Subscribe Application Express Subscribe Application Service Level Management Subscribe Application Testing Suite Subscribe Banking Digital Experience Subscribe Banking Enterprise Collections Subscribe Banking Platform Subscribe Bi Publisher Subscribe Big Data Discovery Subscribe Business Process Management Suite Subscribe Communications Analytics Subscribe Communications Application Session Controller Subscribe Communications Billing And Revenue Management Subscribe Communications Diameter Signaling Router Subscribe Communications Eagle Application Processor Subscribe Communications Element Manager Subscribe Communications Interactive Session Recorder Subscribe Communications Operations Monitor Subscribe Communications Services Gatekeeper Subscribe Communications Session Report Manager Subscribe Communications Session Route Manager Subscribe Communications Unified Inventory Management Subscribe Communications Webrtc Session Controller Subscribe Diagnostic Assistant Subscribe Enterprise Manager Ops Center Subscribe Enterprise Session Border Controller Subscribe Financial Services Analytical Applications Infrastructure Subscribe Financial Services Analytical Applications Reconciliation Framework Subscribe Financial Services Asset Liability Management Subscribe Financial Services Balance Sheet Planning Subscribe Financial Services Basel Regulatory Capital Basic Subscribe Financial Services Basel Regulatory Capital Internal Ratings Based Approach Subscribe Financial Services Data Foundation Subscribe Financial Services Data Governance For Us Regulatory Reporting Subscribe Financial Services Data Integration Hub Subscribe Financial Services Enterprise Financial Performance Analytics Subscribe Financial Services Funds Transfer Pricing Subscribe Financial Services Hedge Management And Ifrs Valuations Subscribe Financial Services Institutional Performance Analytics Subscribe Financial Services Liquidity Risk Management Subscribe Financial Services Liquidity Risk Measurement And Management Subscribe Financial Services Loan Loss Forecasting And Provisioning Subscribe Financial Services Market Risk Measurement And Management Subscribe Financial Services Price Creation And Discovery Subscribe Financial Services Profitability Management Subscribe Financial Services Regulatory Reporting For De Nederlandsche Bank Subscribe Financial Services Regulatory Reporting For European Banking Authority Subscribe Financial Services Regulatory Reporting For Us Federal Reserve Subscribe Financial Services Retail Customer Analytics Subscribe Financial Services Retail Performance Analytics Subscribe Financial Services Revenue Management And Billing Subscribe Fusion Middleware Mapviewer Subscribe Healthcare Foundation Subscribe Healthcare Translational Research Subscribe Hospitality Guest Access Subscribe Hospitality Materials Control Subscribe Hospitality Simphony Subscribe Identity Manager Subscribe Insurance Accounting Analyzer Subscribe Insurance Allocation Manager For Enterprise Profitability Subscribe Insurance Data Foundation Subscribe Insurance Ifrs 17 Analyzer Subscribe Insurance Insbridge Rating And Underwriting Subscribe Insurance Performance Insight Subscribe Jd Edwards Enterpriseone Tools Subscribe Jdeveloper Subscribe Jdeveloper And Adf Subscribe Knowledge Subscribe Peoplesoft Enterprise Peopletools Subscribe Policy Automation Subscribe Policy Automation Connector For Siebel Subscribe Policy Automation For Mobile Devices Subscribe Primavera Gateway Subscribe Primavera Unifier Subscribe Real-time Scheduler Subscribe Rest Data Services Subscribe Retail Back Office Subscribe Retail Central Office Subscribe Retail Customer Insights Subscribe Retail Customer Management And Segmentation Foundation Subscribe Retail Point-of-service Subscribe Retail Returns Management Subscribe Service Bus Subscribe Siebel Mobile Applications Subscribe Siebel Ui Framework Subscribe Storagetek Tape Analytics Sw Tool Subscribe System Utilities Subscribe Tape Library Acsls Subscribe Transportation Management Subscribe Utilities Mobile Workforce Management Subscribe Webcenter Sites Subscribe Weblogic Server Subscribe
Redhat Subscribe	Cloudforms Subscribe Cloudforms Managementengine Subscribe Enterprise Linux Subscribe Jboss Enterprise Application Platform Subscribe Jboss Single Sign On Subscribe Openshift Subscribe Openstack Subscribe Red Hat Single Sign On Subscribe Rhev Manager Subscribe Rhosemc Subscribe Virtualization Manager Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-1777-1	jquery security update
Debian DLA	DLA-1797-1	drupal7 security update
Debian DLA	DLA-2118-1	otrs2 security update
Debian DLA	DLA-3551-1	otrs2 security update
Debian DSA	DSA-4434-1	drupal7 security update
Debian DSA	DSA-4460-1	mediawiki security update
Github GHSA	GHSA-6c3j-c64m-qhgq	XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Ubuntu USN	USN-7622-1	jQuery vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
http://seclists.org/fulldisclosure/2019/May/10
http://seclists.org/fulldisclosure/2019/May/11
http://seclists.org/fulldisclosure/2019/May/13
http://www.openwall.com/lists/oss-security/2019/06/03/2
http://www.securityfocus.com/bid/108023
https://access.redhat.com/errata/RHBA-2019:1570
https://access.redhat.com/errata/RHSA-2019:1456
https://access.redhat.com/errata/RHSA-2019:2587
https://access.redhat.com/errata/RHSA-2019:3023
https://access.redhat.com/errata/RHSA-2019:3024
https://backdropcms.org/security/backdrop-sa-core-2019-009
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
https://github.com/jquery/jquery/pull/4333
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E
https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E
https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/
https://nvd.nist.gov/vuln/detail/CVE-2019-11358
https://seclists.org/bugtraq/2019/Apr/32
https://seclists.org/bugtraq/2019/Jun/12
https://seclists.org/bugtraq/2019/May/18
https://security.netapp.com/advisory/ntap-20190919-0001/
https://snyk.io/vuln/SNYK-JS-JQUERY-174006
https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1
https://www.cve.org/CVERecord?id=CVE-2019-11358
https://www.debian.org/security/2019/dsa-4434
https://www.debian.org/security/2019/dsa-4460
https://www.drupal.org/sa-core-2019-006
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/
https://www.synology.com/security/advisory/Synology_SA_19_19
https://www.tenable.com/security/tns-2019-08
https://www.tenable.com/security/tns-2020-02

History

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.02394}`	epss `{'score': 0.02777}`

Fri, 15 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-04-19T00:00:00.000Z

Updated: 2024-11-15T15:11:23.024Z

Reserved: 2019-04-19T00:00:00.000Z

Link: CVE-2019-11358

Vulnrichment

Updated: 2024-08-04T22:48:09.199Z

NVD

Status : Modified

Published: 2019-04-20T00:29:00.247

Modified: 2024-11-21T04:20:56.320

Link: CVE-2019-11358

Redhat

Severity : Moderate

Publid Date: 2019-03-27T00:00:00Z

Links: CVE-2019-11358 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object