CVE-2019-11358 - log

CVE-2019-11358 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Cross-site scripting
Description
+ jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
+
+ The bundled version of jQuery used by the Django admin has been patched to allow for the select2 library's use of jQuery.extend().
References
Notes
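
The merge behaviour in the description, as an added example: a simplified recursive merge written for this entry, not jQuery's or Django's code. `deepMerge`, `check` and the sample JSON are constructed for illustration. With the guard off, an own enumerable `__proto__` key reaches `Object.prototype`; with the guard on, the key is skipped.

```javascript
// Added example: simplified recursive merge, not jQuery's source.
function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// guard=false models the unguarded deep merge from the description;
// guard=true skips the "__proto__" key before it is read or written.
function deepMerge(target, source, guard) {
  for (const key in source) {
    if (guard && key === "__proto__") continue;
    const value = source[key];
    if (isPlainObject(value)) {
      // For key "__proto__", target[key] resolves to Object.prototype,
      // so the recursive call writes into the shared prototype.
      const base = isPlainObject(target[key]) ? target[key] : {};
      target[key] = deepMerge(base, value, guard);
    } else if (value !== undefined) {
      target[key] = value;
    }
  }
  return target;
}

// Merge a constructed untrusted object and report whether an unrelated,
// freshly created object inherited the injected property.
function check(guard) {
  // JSON.parse makes "__proto__" an own, enumerable property.
  const untrusted = JSON.parse(
    '{"theme":{"color":"red"},"__proto__":{"polluted":"yes"}}'
  );
  const merged = deepMerge({}, untrusted, guard);
  const leaked = ({}).polluted === "yes";
  delete Object.prototype.polluted; // restore the prototype after the check
  return { color: merged.theme.color, leaked };
}

console.log("unguarded:", check(false));
console.log("guarded:  ", check(true));
```
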