{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-11358", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-15T15:11:23.024Z", "dateReserved": "2019-04-19T00:00:00", "datePublished": "2019-04-19T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-31T02:06:52.187292"}, "descriptions": [{"lang": "en", "value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.drupal.org/sa-core-2019-006"}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_19"}, {"name": "DSA-4434", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2019/dsa-4434"}, {"name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update", "tags": ["mailing-list"], "url": "https://seclists.org/bugtraq/2019/Apr/32"}, {"name": "108023", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/108023"}, {"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"}, {"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"}, {"name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"}, {"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"}, {"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"}, {"name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"}, {"name": "FEDORA-2019-eba8e44ee6", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"}, {"name": "FEDORA-2019-1a3edd7e8a", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"}, {"name": "FEDORA-2019-7eaf0bbe7c", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"}, {"name": "FEDORA-2019-2a0ce0c58c", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"}, {"name": "FEDORA-2019-a06dffab1c", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"}, {"name": "FEDORA-2019-f563e66380", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"}, {"name": "20190509 dotCMS v5.1.1 Vulnerabilities", "tags": ["mailing-list"], "url": "https://seclists.org/bugtraq/2019/May/18"}, {"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"}, {"name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2019/May/11"}, {"name": "20190510 dotCMS v5.1.1 Vulnerabilities", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2019/May/10"}, {"name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2019/May/13"}, {"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"}, {"name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"}, {"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"}, {"name": "RHSA-2019:1456", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1456"}, {"name": "DSA-4460", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2019/dsa-4460"}, {"name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", "tags": ["mailing-list"], "url": "https://seclists.org/bugtraq/2019/Jun/12"}, {"name": "openSUSE-SU-2019:1839", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"}, {"name": "RHBA-2019:1570", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHBA-2019:1570"}, {"name": "openSUSE-SU-2019:1872", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"}, {"name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"}, {"name": "RHSA-2019:2587", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2587"}, {"url": "https://security.netapp.com/advisory/ntap-20190919-0001/"}, {"name": "RHSA-2019:3023", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3023"}, {"name": "RHSA-2019:3024", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3024"}, {"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"}, {"url": "https://www.tenable.com/security/tns-2019-08"}, {"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"}, {"name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"}, {"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"}, {"url": "https://www.tenable.com/security/tns-2020-02"}, {"name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"}, {"name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"}, {"name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"}, {"name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"}, {"name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"}, {"name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"}, {"name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"}, {"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"}, {"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"}, {"url": "https://github.com/jquery/jquery/pull/4333"}, {"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"}, {"url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"}, {"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:48:09.199Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.drupal.org/sa-core-2019-006", "tags": ["x_transferred"]}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_19", "tags": ["x_transferred"]}, {"name": "DSA-4434", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4434"}, {"name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Apr/32"}, {"name": "108023", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securityfocus.com/bid/108023"}, {"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"}, {"name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"}, {"name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"}, {"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"}, {"name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"}, {"name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"}, {"name": "FEDORA-2019-eba8e44ee6", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"}, {"name": "FEDORA-2019-1a3edd7e8a", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"}, {"name": "FEDORA-2019-7eaf0bbe7c", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"}, {"name": "FEDORA-2019-2a0ce0c58c", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"}, {"name": "FEDORA-2019-a06dffab1c", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"}, {"name": "FEDORA-2019-f563e66380", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"}, {"name": "20190509 dotCMS v5.1.1 Vulnerabilities", "tags": ["mailing-list", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/May/18"}, {"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "tags": ["x_transferred"]}, {"name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/May/11"}, {"name": "20190510 dotCMS v5.1.1 Vulnerabilities", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/May/10"}, {"name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/May/13"}, {"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"}, {"name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"}, {"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "tags": ["x_transferred"]}, {"name": "RHSA-2019:1456", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1456"}, {"name": "DSA-4460", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4460"}, {"name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", "tags": ["mailing-list", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jun/12"}, {"name": "openSUSE-SU-2019:1839", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"}, {"name": "RHBA-2019:1570", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHBA-2019:1570"}, {"name": "openSUSE-SU-2019:1872", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"}, {"name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"}, {"name": "RHSA-2019:2587", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2587"}, {"url": "https://security.netapp.com/advisory/ntap-20190919-0001/", "tags": ["x_transferred"]}, {"name": "RHSA-2019:3023", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3023"}, {"name": "RHSA-2019:3024", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3024"}, {"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"}, {"url": "https://www.tenable.com/security/tns-2019-08", "tags": ["x_transferred"]}, {"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"}, {"name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"}, {"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", "tags": ["x_transferred"]}, {"url": "https://www.tenable.com/security/tns-2020-02", "tags": ["x_transferred"]}, {"name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"}, {"name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"}, {"name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"}, {"name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"}, {"name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"}, {"name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"}, {"name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["x_transferred"]}, {"name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["x_transferred"]}, {"url": "https://backdropcms.org/security/backdrop-sa-core-2019-009", "tags": ["x_transferred"]}, {"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "tags": ["x_transferred"]}, {"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", "tags": ["x_transferred"]}, {"url": "https://github.com/jquery/jquery/pull/4333", "tags": ["x_transferred"]}, {"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "tags": ["x_transferred"]}, {"url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["x_transferred"]}, {"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["x_transferred"]}, {"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-20T15:03:16.892088Z", "id": "CVE-2019-11358", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T15:11:23.024Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.drupal.org/sa-core-2019-006", "tags": ["x_transferred"]}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_19", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2019/dsa-4434", "name": "DSA-4434", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://seclists.org/bugtraq/2019/Apr/32", "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/108023", "name": "108023", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", "name": "FEDORA-2019-eba8e44ee6", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", "name": "FEDORA-2019-1a3edd7e8a", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", "name": "FEDORA-2019-7eaf0bbe7c", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", "name": "FEDORA-2019-2a0ce0c58c", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", "name": "FEDORA-2019-a06dffab1c", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", "name": "FEDORA-2019-f563e66380", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2019/06/03/2", "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:1456", "name": "RHSA-2019:1456", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://www.debian.org/security/2019/dsa-4460", "name": "DSA-4460", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://seclists.org/bugtraq/2019/Jun/12", "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "name": "openSUSE-SU-2019:1839", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHBA-2019:1570", "name": "RHBA-2019:1570", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "name": "openSUSE-SU-2019:1872", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:2587", "name": "RHSA-2019:2587", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20190919-0001/", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3023", "name": "RHSA-2019:3023", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3024", "name": "RHSA-2019:3024", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://www.tenable.com/security/tns-2019-08", "tags": ["x_transferred"]}, {"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html", "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", "tags": ["x_transferred"]}, {"url": "https://www.tenable.com/security/tns-2020-02", "tags": ["x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E", "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E", "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E", "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["x_transferred"]}, {"url": "https://backdropcms.org/security/backdrop-sa-core-2019-009", "tags": ["x_transferred"]}, {"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "tags": ["x_transferred"]}, {"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", "tags": ["x_transferred"]}, {"url": "https://github.com/jquery/jquery/pull/4333", "tags": ["x_transferred"]}, {"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", "tags": ["x_transferred"]}, {"url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["x_transferred"]}, {"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["x_transferred"]}, {"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:48:09.199Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-11358", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-20T15:03:16.892088Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T15:11:14.055Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.drupal.org/sa-core-2019-006"}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_19"}, {"url": "https://www.debian.org/security/2019/dsa-4434", "name": "DSA-4434", "tags": ["vendor-advisory"]}, {"url": "https://seclists.org/bugtraq/2019/Apr/32", "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update", "tags": ["mailing-list"]}, {"url": "http://www.securityfocus.com/bid/108023", "name": "108023", "tags": ["vdb-entry"]}, {"url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E", "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", "tags": ["mailing-list"]}, {"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update", "tags": ["mailing-list"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", "name": "FEDORA-2019-eba8e44ee6", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", "name": "FEDORA-2019-1a3edd7e8a", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", "name": "FEDORA-2019-7eaf0bbe7c", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", "name": "FEDORA-2019-2a0ce0c58c", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", "name": "FEDORA-2019-a06dffab1c", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", "name": "FEDORA-2019-f563e66380", "tags": ["vendor-advisory"]}, {"url": "https://seclists.org/bugtraq/2019/May/18", "name": "20190509 dotCMS v5.1.1 Vulnerabilities", "tags": ["mailing-list"]}, {"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"}, {"url": "http://seclists.org/fulldisclosure/2019/May/11", "name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", "tags": ["mailing-list"]}, {"url": "http://seclists.org/fulldisclosure/2019/May/10", "name": "20190510 dotCMS v5.1.1 Vulnerabilities", "tags": ["mailing-list"]}, {"url": "http://seclists.org/fulldisclosure/2019/May/13", "name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", "tags": ["mailing-list"]}, {"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2019/06/03/2", "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)", "tags": ["mailing-list"]}, {"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1456", "name": "RHSA-2019:1456", "tags": ["vendor-advisory"]}, {"url": "https://www.debian.org/security/2019/dsa-4460", "name": "DSA-4460", "tags": ["vendor-advisory"]}, {"url": "https://seclists.org/bugtraq/2019/Jun/12", "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", "tags": ["mailing-list"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", "name": "openSUSE-SU-2019:1839", "tags": ["vendor-advisory"]}, {"url": "https://access.redhat.com/errata/RHBA-2019:1570", "name": "RHBA-2019:1570", "tags": ["vendor-advisory"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", "name": "openSUSE-SU-2019:1872", "tags": ["vendor-advisory"]}, {"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", "tags": ["mailing-list"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:2587", "name": "RHSA-2019:2587", "tags": ["vendor-advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20190919-0001/"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3023", "name": "RHSA-2019:3023", "tags": ["vendor-advisory"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3024", "name": "RHSA-2019:3024", "tags": ["vendor-advisory"]}, {"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "tags": ["mailing-list"]}, {"url": "https://www.tenable.com/security/tns-2019-08"}, {"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", "tags": ["mailing-list"]}, {"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html", "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update", "tags": ["mailing-list"]}, {"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"}, {"url": "https://www.tenable.com/security/tns-2020-02"}, {"url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E", "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E", "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery", "tags": ["mailing-list"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E", "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1", "tags": ["mailing-list"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"}, {"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"}, {"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"}, {"url": "https://github.com/jquery/jquery/pull/4333"}, {"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"}, {"url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-31T02:06:52.187292"}}}, "cveMetadata": {"cveId": "CVE-2019-11358", "state": "PUBLISHED", "dateUpdated": "2024-11-15T15:11:23.024Z", "dateReserved": "2019-04-19T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2019-04-19T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2D193C7-2259-492F-8B85-E74C57A7426A", "versionEndExcluding": "3.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC5AB839-4DAC-45E7-9D0B-B528F6D12043", "versionEndExcluding": "7.66", "versionStartIncluding": "7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "9106BF81-B898-4EB0-B63C-9919D3B22260", "versionEndExcluding": "8.5.15", "versionStartIncluding": "8.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B37281E-9B44-42A5-AE0A-17CE6770995C", "versionEndExcluding": "8.6.15", "versionStartIncluding": "8.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "matchCriteriaId": "E75C32CE-3FA9-4DC2-A22A-4A841D4911EB", "versionEndExcluding": "1.11.9", "versionStartIncluding": "1.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6F204D6-2C8A-4517-8E3C-328ED0D9D3E4", "versionEndExcluding": "1.12.6", "versionStartIncluding": "1.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9273745-6408-4CD3-94E8-9385D4F5FE69", "versionEndIncluding": "3.1.3", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*", "matchCriteriaId": "04AC556D-D511-4C4C-B9FB-A089BB2FEFD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "9FA1A18F-D997-4121-A01B-FD9B3BF266CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "230E2167-9107-4994-8328-295575E17DF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A079FD6E-3BB0-4997-9A8E-6F8FEC89887A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "900D2344-5160-42A0-8C49-36DBC7FF3D87", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4AA4B21-1BA9-4ED8-B9EA-558AF8655D24", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C3F9EE5-FCFC-45B8-9F57-C05D42EE0FF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*", "matchCriteriaId": "90CFEC52-A574-493E-A2AC-0EC21851BBFA", "versionEndExcluding": "19.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3665B8A2-1F1A-490F-B01D-5B3455A6A539", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8577D60-A711-493D-9246-E49D0E2B07E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "5E5BC0B6-0C66-4FC5-81F0-6AC9BEC0813E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*", "matchCriteriaId": "C784CEE8-F071-4583-A72D-F46C7C95FEC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", "matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*", "matchCriteriaId": "660DB443-6250-4956-ABD1-C6A522B8DCCA", "versionEndIncluding": "2.8.0", "versionStartIncluding": "2.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "3625D477-1338-46CB-90B1-7291D617DC39", "versionEndIncluding": "2.10.0", "versionStartIncluding": "2.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5CD806C1-CC17-47BD-8BB0-9430C4253BC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DC56004-4497-4CDD-AE76-5E3DFAE170F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "274A0CF5-41E8-42E0-9931-F7372A65B9C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "8C4C38FF-B75B-4DF1-BFB3-C91BDD10D90E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "55D98C27-734F-490B-92D5-251805C841B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*", "matchCriteriaId": "B796AC70-A220-48D8-B8CD-97CF57227962", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "matchCriteriaId": "790A89FD-6B86-49AE-9B4F-AE7262915E13", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "7231AF76-3D46-41C4-83E9-6E9E12940BD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCA44E38-EB8C-4E2D-8611-B201F47520E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A0E3537-CB5A-40BF-B42C-CED9211B8892", "versionEndIncluding": "16.4.0", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0C57FD3A-0CC1-4BA9-879A-8C4A40234162", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "698FB6D0-B26F-4760-9B9B-1C65FBFF2126", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F1D64BC-17BF-4DAE-B5FC-BC41F9C12DFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E16A16E-BFA3-4D17-9B4E-B42ADE725356", "versionEndIncluding": "6.4", "versionStartIncluding": "6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "9264AF8A-3819-40E5-BBCB-3B6C95A0D828", "versionEndIncluding": "4.3", "versionStartIncluding": "4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3517A27-E6EE-497C-9996-F78171BBE90F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C3CE8D5-6404-4CEB-953E-7B7961BC14D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB43DFD4-D058-4001-BD19-488E059F4532", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "086E2E5C-44EB-4C07-B298-C04189533996", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA77B994-3872-4059-854B-0974AA5593D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8198E762-9AD9-452B-B1AF-516E52436B7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0D177F6-25D9-4696-8528-3F57D91BAC12", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "726DB59B-00C7-444E-83F7-CB31032482AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*", "matchCriteriaId": "80B6D265-9D72-45C3-AA2C-5B186E23CDAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "7015A8CB-8FA6-423E-8307-BD903244F517", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5BC32AA-78BE-468B-B92A-5A0FFFA970FA", "versionEndIncluding": "7.3.5", "versionStartIncluding": "7.3.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA699B16-5100-4485-9BB7-85B247743B17", "versionEndIncluding": "8.1.0", "versionStartIncluding": "8.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7E00BA1-E643-45D9-97D3-EF12C29DB262", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2ACA29E6-F393-46E5-B2B3-9158077819A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "703DA91D-3440-4C67-AA20-78F71B1376DD", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "39B8DFFF-B037-4F29-8C8E-F4BBC3435199", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "4D0D0EAC-300D-44B1-AD4A-93A368D5DBA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CB2A0EB-E1C7-4206-8E64-D2EE77C1CD86", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A566893-8DCF-49E4-93D0-0ACCEFD70D3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*", "matchCriteriaId": "A180039F-22C3-458E-967D-E07C61C69FAF", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "00E5D719-249D-48B8-BAFC-1E14D250B3F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C5F6B8C-2044-4E68-98BD-37B0CD108434", "versionEndIncluding": "8.0.8", "versionStartIncluding": "8.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "672949B4-1989-4AA7-806F-EEC07D07F317", "versionEndIncluding": "8.0.9", "versionStartIncluding": "8.0.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*", "matchCriteriaId": "73E05211-8415-42FB-9B93-959EB03B090B", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9476D1DA-C8A8-40A0-94DD-9B46C05FD461", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7DEE0A37-6B9A-43FE-B3E0-8AB5CA368425", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CF6A5433-A7D9-4521-9D28-E7684FB76E5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC15899F-8528-4D10-8CD5-F67121D7F293", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F727AAC6-6D9F-4B28-B07C-6A93916C43A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", "matchCriteriaId": "30657F1B-D1FC-4EE6-9854-18993294A01D", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "51C17460-D326-4525-A7D1-0AED53E75E18", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "30F0991A-8507-48C4-9A8E-DE5B28C46A99", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A00142E6-EEB3-44BD-AB0D-0E5C5640557F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "00ED7CB0-96F7-4089-9047-A3AC241139C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "005E458D-4059-4E20-A620-B25DEBCE40C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "74008AEE-589F-423E-8D77-EA54C36D776A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD85DB06-692F-4E81-BEB7-1E41B438D1FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "6149C89E-0111-4CF9-90CA-0662D2F75E04", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "6CDDF6CA-6441-4606-9D2F-22A67BA46978", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "6FA0B592-A216-4320-A4FE-ABCA6B3E7D7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CEA4D6CF-D54A-40DF-9B70-E13392D0BE19", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB6C521C-F104-4E26-82F2-6F63F94108BC", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "397B1A24-7C95-4A73-8363-4529A7F6CFCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "402B8642-7ACC-4F42-87A9-AB4D3B581751", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "EF6D5112-4055-4F89-A5B3-0DCB109481B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D262848E-AA24-4057-A747-6221BA22ADF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:*", "matchCriteriaId": "2163B848-D684-4B17-969A-36E0866C5749", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "00615085-65B2-4211-A766-551842B3356F", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8E565DA-91BE-44FC-A28F-579BE8D2281A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "51DB64CA-8953-43BB-AEA9-D0D7E91E9FE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "669BA301-4D29-4692-823B-CDEDD2A5BD18", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "419559E6-5441-4335-8FE1-6ADAAD9355DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*", "matchCriteriaId": "036E4450-53C6-4322-9C7D-91DA94C9A3C9", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "89C26226-A3CF-4D36-BBDA-80E298E0A51F", "versionEndIncluding": "8.0.6", "versionStartIncluding": "8.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F67D1332-621E-4756-B205-97A5CF670A19", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "6748C867-0A52-452B-B4D6-DA80396F4152", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A64B5C4C-DF69-4292-A534-EDC5955CDDAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C7141C66-0384-4BA1-A788-91DEB7EF1361", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "06E586B3-3434-4B08-8BE3-16C528642CA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "26A1F27B-C3AC-4D13-B9B2-2D6CF65D07BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B95E8056-51D8-4390-ADE3-661B7AE1D7CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EFC8DAB-E5D8-420C-B800-08F8C5BF3F4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9059A907-508B-4844-8D7B-0FA68C0DF6A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5ACB1D2-69CE-4B7D-9B51-D8F80E541631", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1F726C6-EA5A-40FF-8809-4F48E4AE6976", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CD7C26E3-BB0D-4218-8176-319AEA2925C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "DD67072F-3CFC-480D-9360-81A05D523318", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "652E762A-BCDD-451E-9DE3-F1555C1E4B16", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*", "matchCriteriaId": "2AC63D10-2326-4542-B345-31D45B9A7408", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BFD7783-BE15-421C-A550-7FE15AB53ABF", "versionEndIncluding": "19.1.2", "versionStartIncluding": "19.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F7BF047-03C5-4A60-B718-E222B16DBF41", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3A73D81-3E1A-42E6-AB96-835CDD5905F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA10CA55-C155-4DAD-A109-87A80116F1A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "66136D6D-FC52-40DB-B7B6-BA8B7758CE16", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "06514F46-544B-4404-B45C-C9584EBC3131", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3BD4BF9A-BF38-460D-974D-5B3255AAF946", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:*", "matchCriteriaId": "92D538A5-819D-4DF7-85FE-4D4EB6E230E0", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "AEDA3A88-002B-4700-9277-3187C0A3E4B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "BE886BC5-F807-4627-8233-2290817FE205", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", "matchCriteriaId": "B47C73D0-BE89-4D87-8765-12C507F13AFF", "versionEndIncluding": "5.6.0.0", "versionStartIncluding": "5.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5B8AA91A-1880-43CD-938D-48EF58ACF2CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E6B5D7DB-C70E-4926-819F-E39B79F4D0C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7506589-9B3B-49BA-B826-774BFDCC45B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "37EB4A1D-A875-46B7-BEB0-694D1F400CF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2233F287-6B9F-4C8A-A724-959DD3AD29AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2381FAB6-8D36-4389-98E4-74F3462654BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E587602-BA7D-4087-BE29-ACE0B01BD590", "versionEndIncluding": "8.6.3", "versionStartIncluding": "8.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", "matchCriteriaId": "84668F58-6511-4E53-8213-13B440F454C1", "versionEndIncluding": "12.2.15", "versionStartIncluding": "12.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "9D8B3B57-73D6-4402-987F-8AE723D52F94", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "62BF043E-BCB9-433D-BA09-7357853EE127", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F26FB80-F541-4B59-AC3C-633F49388B59", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*", "matchCriteriaId": "12D3B2F0-E9C7-432B-91C6-A6C329A84B78", "versionEndIncluding": "12.2.15", "versionStartIncluding": "12.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "06CF27F6-ADC1-480C-9D2E-2BD1E7330C32", "versionEndIncluding": "16.2.11", "versionStartIncluding": "16.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4AA3854-C9FD-4287-85A0-EE7907D1E1ED", "versionEndIncluding": "17.12.7", "versionStartIncluding": "17.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8CD4002-F310-4BE4-AF7B-4BCCB17DA6FF", "versionEndIncluding": "18.8.9", "versionStartIncluding": "18.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "69112C56-7747-4E11-A938-85A481529F58", "versionEndIncluding": "19.12.4", "versionStartIncluding": "19.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "D9E628E7-6CC5-418C-939F-8EEA69B222A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:*", "matchCriteriaId": "99579D88-27C0-4B93-B2F4-69B6781BC4BD", "versionEndIncluding": "2.3.0.3", "versionStartIncluding": "2.3.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*", "matchCriteriaId": "36FC547E-861A-418C-A314-DA09A457B13A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*", "matchCriteriaId": "DF9FEE51-50E3-41E9-AA0D-272A640F85CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*", "matchCriteriaId": "E69E905F-2E1A-4462-9082-FF7B10474496", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*", "matchCriteriaId": "0F9B692C-8986-4F91-9EF4-2BB1E3B5C133", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*", "matchCriteriaId": "C5F4C40E-3ABC-4C59-B226-224262DCFF37", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*", "matchCriteriaId": "36E16AEF-ACEB-413C-888C-8D250F65C180", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EFAEA84-E376-40A2-8C9F-3E0676FEC527", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "237968A4-AE89-44DC-8BA3-D9651F88883D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "959316A8-C3AF-4126-A242-3835ED0AD1E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E2B6C75-3EB5-4BCE-B5D1-39DD3DE94139", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "70BEF219-45EC-4A53-A815-42FBE20FC300", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1EA2023A-1AD6-41FE-A214-9D1F6021D6B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AA4E307-D5FA-461D-9809-BDD123AE7B74", "versionEndIncluding": "19.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*", "matchCriteriaId": "98B9198C-11DF-4E80-ACFC-DC719CED8C7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "587EE4F3-E7AC-4A69-9476-0E71E75EE7A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7961BBD-6411-4D32-947D-3940221C235B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "162C6FD9-AEC2-4EBA-A163-3054840B8ACE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "A6879D52-A44E-4DF8-8A3A-3613822EB469", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5AAF89C1-AAC2-449C-90C1-895F5F8843B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F2D3FA0-BD9D-4828-AE36-1CE43D9B07D1", "versionEndIncluding": "2.3.0.3", "versionStartIncluding": "2.3.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D551CAB1-4312-44AA-BDA8-A030817E153A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "matchCriteriaId": "C63557DE-E65B-46F4-99C4-247EACCB7BBA", "versionEndIncluding": "3.9.4", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."}, {"lang": "es", "value": "jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminaci\u00f3n de Object.prototype. Si un objeto fuente no sanitizado conten\u00eda una propiedad enumerable __proto__, podr\u00eda extender el Object.prototype nativo."}], "id": "CVE-2019-11358", "lastModified": "2024-02-16T16:32:51.227", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-20T00:29:00.247", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/May/10"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/May/11"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/May/13"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108023"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHBA-2019:1570"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1456"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2587"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3023"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3024"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/jquery/jquery/pull/4333"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Apr/32"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jun/12"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/May/18"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4434"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4460"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.drupal.org/sa-core-2019-006"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2019-08"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2020-02"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1321"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:2587", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "ansible-tower-0:3.5.2-1.el7at", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-09-05T00:00:00Z"}, {"advisory": "RHSA-2019:2587", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "cfme-0:5.10.9.1-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-09-05T00:00:00Z"}, {"advisory": "RHSA-2019:2587", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "cfme-amazon-smartstate-0:5.10.9.1-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-09-05T00:00:00Z"}, {"advisory": "RHSA-2019:2587", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "cfme-appliance-0:5.10.9.1-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-09-05T00:00:00Z"}, {"advisory": "RHSA-2019:2587", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "cfme-gemset-0:5.10.9.1-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-09-05T00:00:00Z"}, {"advisory": "RHSA-2019:2587", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "ovirt-ansible-hosted-engine-setup-0:1.0.23-1.el7ev", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-09-05T00:00:00Z"}, {"advisory": "RHSA-2019:2587", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "ovirt-ansible-roles-0:1.1.7-1.el7ev", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-09-05T00:00:00Z"}, {"advisory": "RHSA-2019:2587", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "ovirt-ansible-vm-infra-0:1.1.19-1.el7ev", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-09-05T00:00:00Z"}, {"advisory": "RHSA-2019:2587", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "v2v-conversion-host-0:1.14.2-1.el7ev", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-09-05T00:00:00Z"}, {"advisory": "RHSA-2020:3936", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "ipa-0:4.6.8-5.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2022:7343", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "pcs-0:0.9.169-3.el7_9.3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-11-02T00:00:00Z"}, {"advisory": "RHSA-2020:4670", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "idm:client-8030020200923172426.05ac3f11", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:4670", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "idm:DL1-8030020200923172343.9c827e52", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:4847", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "pki-core:10.6-8030020200911215836.5ff1562f", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:4847", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "pki-deps:10.6-8030020200527165326.30b713e6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2021:4142", "cpe": "cpe:/a:redhat:enterprise_linux:8::highavailability", "package": "pcs-0:0.10.10-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}, {"advisory": "RHSA-2023:0556", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "impact": "low", "package": "jquery", "product_name": "Red Hat JBoss Enterprise Application Platform 7", "release_date": "2023-01-31T00:00:00Z"}, {"advisory": "RHSA-2023:0553", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-01-31T00:00:00Z"}, {"advisory": "RHSA-2023:0554", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-01-31T00:00:00Z"}, {"advisory": "RHSA-2023:0552", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-01-31T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-enterprise-service-catalog-1:3.11.170-1.git.1.91db82e.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-0:3.11.170-1.git.0.00cac56.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-cluster-autoscaler-0:3.11.170-1.git.1.0a0df6a.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-descheduler-0:3.11.170-1.git.1.9ad83f2.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-dockerregistry-0:3.11.170-1.git.1.55fab05.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-metrics-server-0:3.11.170-1.git.1.357f177.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-node-problem-detector-0:3.11.170-1.git.1.b1f90a6.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-service-idler-0:3.11.170-1.git.1.8328979.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-web-console-0:3.11.170-1.git.1.3d64e8b.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "cri-o-0:1.11.16-0.5.dev.rhaos3.11.git3f89eba.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-openshift-oauth-proxy-0:3.11.170-1.git.1.b49be83.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-prometheus-alertmanager-0:3.11.170-1.git.1.61d7960.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-prometheus-node_exporter-0:3.11.170-1.git.1.51473b7.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-prometheus-prometheus-0:3.11.170-1.git.1.227bc98.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "jenkins-0:2.204.2.1580891656-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "jenkins-2-plugins-0:3.11.1579107288-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift-ansible-0:3.11.170-2.git.5.8802564.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift-enterprise-autoheal-0:3.11.170-1.git.1.dfe6c52.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift-enterprise-cluster-capacity-0:3.11.170-1.git.1.661684b.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHBA-2020:0402", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift-kuryr-0:3.11.170-1.git.1.7265da1.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHSA-2020:2412", "cpe": "cpe:/a:redhat:openshift:4.5::el7", "package": "openshift4/ose-console:v4.5.0-202007012112.p0", "product_name": "Red Hat OpenShift Container Platform 4.5", "release_date": "2020-07-13T00:00:00Z"}, {"advisory": "RHSA-2020:4298", "cpe": "cpe:/a:redhat:openshift:4.6::el8", "package": "openshift4/ose-prometheus:v4.6.0-202009290409.p0", "product_name": "Red Hat OpenShift Container Platform 4.6", "release_date": "2020-10-27T00:00:00Z"}, {"advisory": "RHSA-2020:5581", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "python-XStatic-jQuery-0:2.2.4.1-3.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 (Queens)", "release_date": "2020-12-16T00:00:00Z"}, {"advisory": "RHSA-2020:5581", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "python-XStatic-jQuery-0:2.2.4.1-3.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS", "release_date": "2020-12-16T00:00:00Z"}, {"advisory": "RHSA-2020:1325", "cpe": "cpe:/a:redhat:openstack:15::el8", "package": "python-XStatic-jQuery-0:3.4.1.0-1.el8ost", "product_name": "Red Hat OpenStack Platform 15.0 (Stein)", "release_date": "2020-04-06T00:00:00Z"}, {"advisory": "RHSA-2023:1049", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "package": "keycloak-idp-jquery", "product_name": "Red Hat Single Sign-On 7", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2019:1456", "cpe": "cpe:/a:redhat:jboss_single_sign_on:7.3", "product_name": "Red Hat Single Sign-On 7.3.2 zip", "release_date": "2019-06-11T00:00:00Z"}, {"advisory": "RHSA-2023:1043", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "package": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 7", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2023:1044", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "package": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 8", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2023:1045", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "package": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHBA-2019:1570", "cpe": "cpe:/a:redhat:rhev_manager:4.3", "package": "ovirt-engine-api-explorer-0:0.0.5-1.el7ev", "product_name": "Red Hat Virtualization Engine 4.3", "release_date": "2019-06-20T00:00:00Z"}, {"advisory": "RHSA-2019:3023", "cpe": "cpe:/a:redhat:rhev_manager:4.3", "package": "ovirt-engine-ui-extensions-0:1.0.10-1.el7ev", "product_name": "Red Hat Virtualization Engine 4.3", "release_date": "2019-10-10T00:00:00Z"}, {"advisory": "RHSA-2019:3024", "cpe": "cpe:/a:redhat:rhev_manager:4.3", "package": "ovirt-web-ui-0:1.6.0-1.el7ev", "product_name": "Red Hat Virtualization Engine 4.3", "release_date": "2019-10-10T00:00:00Z"}, {"advisory": "RHSA-2023:1047", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso76-openshift-rhel8:7.6-20", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2023-03-01T00:00:00Z"}], "bugzilla": {"description": "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection", "id": "1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.6", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-79", "details": ["jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences."], "name": "CVE-2019-11358", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Not affected", "package_name": "jquery-rjs", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Will not fix", "package_name": "jquery", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "ipa", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "pcp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "python-coverage", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "python-weberror", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "ipsilon", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "pcp", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "pki-core", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "publican", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "python-coverage", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "package_name": "jquery", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "openshift3/grafana", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "openshift3/ose-console", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-grafana", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Will not fix", "package_name": "python-XStatic-jQuery", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Will not fix", "package_name": "python-XStatic-jquery-ui", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "python-XStatic-jquery-ui", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:14", "fix_state": "Out of support scope", "package_name": "python-XStatic-jQuery", "product_name": "Red Hat OpenStack Platform 14 (Rocky)"}, {"cpe": "cpe:/a:redhat:openstack:14", "fix_state": "Out of support scope", "package_name": "python-XStatic-jquery-ui", "product_name": "Red Hat OpenStack Platform 14 (Rocky)"}, {"cpe": "cpe:/a:redhat:openstack:15", "fix_state": "Not affected", "package_name": "python-XStatic-jquery-ui", "product_name": "Red Hat OpenStack Platform 15 (Stein)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Will not fix", "package_name": "python-XStatic-jQuery", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Will not fix", "package_name": "python-XStatic-jquery-ui", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Not affected", "package_name": "quay", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Not affected", "package_name": "jquery-ui", "product_name": "Red Hat Satellite 5"}, {"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Out of support scope", "package_name": "patternfly1", "product_name": "Red Hat Satellite 5"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "tfm-rubygem-jquery-ui-rails", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "python27-python-coverage", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "python27-python-werkzeug", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-python35-python-coverage", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-python36-python-coverage", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Out of support scope", "package_name": "rh-ror42-rubygem-jquery-rails", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-ror50-rubygem-jquery-rails", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "python-testtools", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Out of support scope", "package_name": "ovirt-engine-dashboard", "product_name": "Red Hat Virtualization 4"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Out of support scope", "package_name": "ovirt-js-dependencies", "product_name": "Red Hat Virtualization 4"}], "public_date": "2019-03-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-11358\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11358\nhttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\nhttps://www.drupal.org/sa-core-2019-006"], "statement": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", "threat_severity": "Moderate", "upstream_fix": "drupal 7.66, jquery 3.4.0"}