CVE-2019-11358

Severity: Medium
Remote: Yes
Type: Cross-site scripting

jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

The bundled version of jQuery used by the Django admin has been patched to allow for the select2 library's use of jQuery.extend().
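
The pollution path described above, as an added JavaScript example that is not jQuery's or Django's code: `deepExtend` is a hypothetical, simplified recursive merge and the JSON input is constructed. With `skipProto` off, an own enumerable `__proto__` key in the source is merged into `Object.prototype`; with it on, the key is skipped.

```javascript
// Added example: a simplified recursive merge, not jQuery's source.
function isMergeable(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Deep-merge `source` into `target`. When `skipProto` is false the
// "__proto__" key is treated like any other key (the unguarded case).
function deepExtend(target, source, skipProto) {
  for (const key in source) {
    if (skipProto && key === "__proto__") {
      continue; // guard: never merge into the prototype slot
    }
    const copy = source[key];
    if (isMergeable(copy)) {
      // For key "__proto__", target[key] reads Object.prototype through the
      // inherited accessor, so the recursion below writes onto it.
      const existing = isMergeable(target[key]) ? target[key] : {};
      target[key] = deepExtend(existing, copy, skipProto);
    } else {
      target[key] = copy;
    }
  }
  return target;
}

// Merge a constructed untrusted object and report whether an unrelated,
// freshly created object now inherits the injected property.
function checkPayload(skipProto) {
  // JSON.parse makes "__proto__" an own, enumerable data property.
  const untrusted = JSON.parse(
    '{"theme": {"dark": true}, "__proto__": {"polluted": "yes"}}'
  );
  const merged = deepExtend({}, untrusted, skipProto);
  const leaked = ({}).polluted;      // undefined unless the prototype changed
  delete Object.prototype.polluted;  // restore global state after the check
  return { merged, leaked };
}

console.log("unguarded:", checkPayload(false).leaked);
console.log("guarded:  ", checkPayload(true).leaked);
```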

Group    Package        Affected  Fixed    Severity  Status  Ticket
AVG-969  python-django  2.2.1-1   2.2.2-1  Medium    Fixed

Date         Advisory      Group    Package        Severity  Type
04 Jun 2019  ASA-201906-2  AVG-969  python-django  Medium    cross-site scripting