[20190403] - Core - Object.prototype pollution in JQuery $.extend - Applicacious

[20190403] – Core – Object.prototype pollution in JQuery $.extend

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Moderate
  • Versions: 3.0.0 through 3.9.4
  • Exploit type: XSS
  • Reported Date: 2019-March-25
  • Fixed Date: 2019-April-09
  • CVE Number: TBA

Description

The $.extend method of JQuery is vulnerable to Object.prototype pollution attacks.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.9.4

Solution

Upgrade to version 3.9.5

Contact

The JSST at the Joomla! Security Centre.

Reported By: Michał Gołębiowski-Owczarek, David Jardin (JSST)
  • in Blog
  • by
  • April 9, 2019
  • Comments Off on [20190403] – Core – Object.prototype pollution in JQuery $.extend

Comments are closed.

%d bloggers like this: