CVE-2019-11358
Severity | Medium |
Remote | Yes |
Type | Cross-site scripting |
Description | jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. The bundled version of jQuery used by the Django admin has been patched to allow for the select2 library's use of jQuery.extend(). |
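
The merge behaviour in the description, as an added example that is not jQuery's or Django's code: a simplified recursive merge run with and without a check that skips the `__proto__` key. The names `deepMerge`, `mergeUntrusted`, `skipProto` and the sample JSON are constructed for illustration.

```javascript
// Added example, not jQuery's source: a simplified recursive merge in the
// style of jQuery.extend(true, target, source).
function deepMerge(target, source, skipProto) {
  for (const key in source) {
    // Hardened variant: never copy a "__proto__" key from the source.
    if (skipProto && key === "__proto__") continue;
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      // With key "__proto__", target[key] resolves to Object.prototype, so
      // the recursive call writes into the prototype shared by all objects.
      const existing = target[key];
      const base = existing !== null && typeof existing === "object" ? existing : {};
      target[key] = deepMerge(base, value, skipProto);
    } else if (value !== undefined) {
      target[key] = value;
    }
  }
  return target;
}

// Constructed sample input: JSON.parse creates "__proto__" as an own,
// enumerable property, the shape the description refers to.
const UNTRUSTED = '{"theme": {"color": "blue"}, "__proto__": {"polluted": true}}';

function mergeUntrusted(skipProto) {
  const merged = deepMerge({}, JSON.parse(UNTRUSTED), skipProto);
  const leaked = ({}).polluted === true; // does an unrelated object inherit it?
  delete Object.prototype.polluted;      // restore global state after the check
  return { color: merged.theme.color, leaked };
}

console.log("merge without key check:", mergeUntrusted(false));
console.log("merge with key check:   ", mergeUntrusted(true));
```
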
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-969 | python-django | 2.2.1-1 | 2.2.2-1 | Medium | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
04 Jun 2019 | ASA-201906-2 | AVG-969 | python-django | Medium | cross-site scripting |