René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"CVE-2019-11358 (Medium) detected in jquery-1.9.1.jar","articleBody":"## CVE-2019-11358 - Medium Severity Vulnerability\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png' width=19 height=20\u003e Vulnerable Library - \u003cb\u003ejquery-1.9.1.jar\u003c/b\u003e\u003c/summary\u003e\n\n\u003cp\u003eWebJar for jQuery\u003c/p\u003e\n\u003cp\u003eLibrary home page: \u003ca href=\"http://webjars.org\"\u003ehttp://webjars.org\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003ePath to dependency file: /pom.xml\u003c/p\u003e\n\u003cp\u003ePath to vulnerable library: /target/in28Minutes-first-webapp-0.0.1-SNAPSHOT/WEB-INF/lib/jquery-1.9.1.jar,/jars/jquery/1.9.1/jquery-1.9.1.jar\u003c/p\u003e\n\u003cp\u003e\n\nDependency Hierarchy:\n  - :x: **jquery-1.9.1.jar** (Vulnerable Library)\n\u003cp\u003eFound in base branch: \u003cb\u003emaster\u003c/b\u003e\u003c/p\u003e\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/medium_vul.png?' width=19 height=20\u003e Vulnerability Details\u003c/summary\u003e\n\u003cp\u003e  \n  \njQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.\n Mend Note: The description of this vulnerability differs from MITRE. \n\n\u003cp\u003ePublish Date: 2019-04-19\n\u003cp\u003eURL: \u003ca href=https://www.mend.io/vulnerability-database/CVE-2019-11358\u003eCVE-2019-11358\u003c/a\u003e\u003c/p\u003e\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20\u003e CVSS 3 Score Details (\u003cb\u003e6.1\u003c/b\u003e)\u003c/summary\u003e\n\u003cp\u003e\n\nBase Score Metrics:\n- Exploitability Metrics:\n  - Attack Vector: Network\n  - Attack Complexity: Low\n  - Privileges Required: None\n  - User Interaction: Required\n  - Scope: Changed\n- Impact Metrics:\n  - Confidentiality Impact: Low\n  - Integrity Impact: Low\n  - Availability Impact: None\n\u003c/p\u003e\nFor more information on CVSS3 Scores, click \u003ca href=\"https://www.first.org/cvss/calculator/3.0\"\u003ehere\u003c/a\u003e.\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/suggested_fix.png' width=19 height=20\u003e Suggested Fix\u003c/summary\u003e\n\u003cp\u003e\n\n\u003cp\u003eType: Upgrade version\u003c/p\u003e\n\u003cp\u003eOrigin: \u003ca href=\"https://github.com/advisories/GHSA-6c3j-c64m-qhgq\"\u003ehttps://github.com/advisories/GHSA-6c3j-c64m-qhgq\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eRelease Date: 2019-04-19\u003c/p\u003e\n\u003cp\u003eFix Resolution: jquery-rails - 4.3.4,django - 2.2.2,django - 2.1.9,org.webjars.npm:jquery:3.4.0,jQuery - 3.4.0,jquery - 3.4.0\u003c/p\u003e\n\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\n***\nStep up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)","author":{"url":"https://github.com/mend-bolt-for-github[bot]","@type":"Person","name":"mend-bolt-for-github[bot]"},"datePublished":"2024-03-13T20:15:31.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/22/JavaWebApplicationStepByStep/issues/22"}