Severity: moderate

Prototype Pollution

jquery

Overview

Versions of jquery prior to 3.4.0 are vulnerable to Prototype Pollution. The extend() method allows an attacker to modify the prototype for Object causing changes in properties that will exist on all objects.

Remediation

Upgrade to version 3.4.0 or later.

Resources

Have content suggestions? Visit npmjs.com/support.

Advisory timeline

  1. published

    Advisory Published
    Apr 23rd, 2019
  2. reported

    Reported by asgerf
    Apr 2nd, 2019