jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jquery | Jquery | * | 3.4.0 (excluding) |
| CloudForms Management Engine 5.10 | RedHat | ansible-tower-0:3.5.2-1.el7at | * |
| CloudForms Management Engine 5.10 | RedHat | cfme-0:5.10.9.1-1.el7cf | * |
| CloudForms Management Engine 5.10 | RedHat | cfme-amazon-smartstate-0:5.10.9.1-1.el7cf | * |
| CloudForms Management Engine 5.10 | RedHat | cfme-appliance-0:5.10.9.1-1.el7cf | * |
| CloudForms Management Engine 5.10 | RedHat | cfme-gemset-0:5.10.9.1-1.el7cf | * |
| CloudForms Management Engine 5.10 | RedHat | ovirt-ansible-hosted-engine-setup-0:1.0.23-1.el7ev | * |
| CloudForms Management Engine 5.10 | RedHat | ovirt-ansible-roles-0:1.1.7-1.el7ev | * |
| CloudForms Management Engine 5.10 | RedHat | ovirt-ansible-vm-infra-0:1.1.19-1.el7ev | * |
| CloudForms Management Engine 5.10 | RedHat | v2v-conversion-host-0:1.14.2-1.el7ev | * |
| Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update | RedHat | jquery | * |
| Red Hat Enterprise Linux 7 | RedHat | ipa-0:4.6.8-5.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | pcs-0:0.9.169-3.el7_9.3 | * |
| Red Hat Enterprise Linux 8 | RedHat | idm:client-8030020200923172426.05ac3f11 | * |
| Red Hat Enterprise Linux 8 | RedHat | idm:DL1-8030020200923172343.9c827e52 | * |
| Red Hat Enterprise Linux 8 | RedHat | pki-core:10.6-8030020200911215836.5ff1562f | * |
| Red Hat Enterprise Linux 8 | RedHat | pki-deps:10.6-8030020200527165326.30b713e6 | * |
| Red Hat Enterprise Linux 8 | RedHat | pcs-0:0.10.10-4.el8 | * |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | RedHat | eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap | * |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | RedHat | eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap | * |
| Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | RedHat | eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-enterprise-service-catalog-1:3.11.170-1.git.1.91db82e.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-0:3.11.170-1.git.0.00cac56.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-cluster-autoscaler-0:3.11.170-1.git.1.0a0df6a.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-descheduler-0:3.11.170-1.git.1.9ad83f2.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-dockerregistry-0:3.11.170-1.git.1.55fab05.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-metrics-server-0:3.11.170-1.git.1.357f177.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-node-problem-detector-0:3.11.170-1.git.1.b1f90a6.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-service-idler-0:3.11.170-1.git.1.8328979.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-web-console-0:3.11.170-1.git.1.3d64e8b.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | cri-o-0:1.11.16-0.5.dev.rhaos3.11.git3f89eba.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-openshift-oauth-proxy-0:3.11.170-1.git.1.b49be83.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-prometheus-alertmanager-0:3.11.170-1.git.1.61d7960.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-prometheus-node_exporter-0:3.11.170-1.git.1.51473b7.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-prometheus-prometheus-0:3.11.170-1.git.1.227bc98.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | jenkins-0:2.204.2.1580891656-1.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | jenkins-2-plugins-0:3.11.1579107288-1.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-ansible-0:3.11.170-2.git.5.8802564.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-enterprise-autoheal-0:3.11.170-1.git.1.dfe6c52.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-enterprise-cluster-capacity-0:3.11.170-1.git.1.661684b.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-kuryr-0:3.11.170-1.git.1.7265da1.el7 | * |
| Red Hat OpenShift Container Platform 4.5 | RedHat | openshift4/ose-console:v4.5.0-202007012112.p0 | * |
| Red Hat OpenShift Container Platform 4.6 | RedHat | openshift4/ose-prometheus:v4.6.0-202009290409.p0 | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-XStatic-jQuery-0:2.2.4.1-3.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | python-XStatic-jQuery-0:2.2.4.1-3.el7ost | * |
| Red Hat OpenStack Platform 15.0 (Stein) | RedHat | python-XStatic-jQuery-0:3.4.1.0-1.el8ost | * |
| Red Hat Single Sign-On 7 | RedHat | keycloak-idp-jquery | * |
| Red Hat Single Sign-On 7.3.2 zip | RedHat | * | |
| Red Hat Single Sign-On 7.6 for RHEL 7 | RedHat | rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso | * |
| Red Hat Single Sign-On 7.6 for RHEL 8 | RedHat | rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso | * |
| Red Hat Single Sign-On 7.6 for RHEL 9 | RedHat | rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso | * |
| Red Hat Virtualization Engine 4.3 | RedHat | ovirt-engine-api-explorer-0:0.0.5-1.el7ev | * |
| Red Hat Virtualization Engine 4.3 | RedHat | ovirt-engine-ui-extensions-0:1.0.10-1.el7ev | * |
| Red Hat Virtualization Engine 4.3 | RedHat | ovirt-web-ui-0:1.6.0-1.el7ev | * |
| RHEL-8 based Middleware Containers | RedHat | rh-sso-7/sso76-openshift-rhel8:7.6-20 | * |
| Drupal7 | Ubuntu | trusty | * |
| Drupal7 | Ubuntu | trusty/esm | * |
| Drupal7 | Ubuntu | xenial | * |
| Jquery | Ubuntu | bionic | * |
| Jquery | Ubuntu | cosmic | * |
| Jquery | Ubuntu | disco | * |
| Jquery | Ubuntu | esm-infra-legacy/trusty | * |
| Jquery | Ubuntu | esm-infra/bionic | * |
| Jquery | Ubuntu | esm-infra/xenial | * |
| Jquery | Ubuntu | precise/esm | * |
| Jquery | Ubuntu | trusty | * |
| Jquery | Ubuntu | trusty/esm | * |
| Jquery | Ubuntu | upstream | * |
| Jquery | Ubuntu | xenial | * |
| Mediawiki | Ubuntu | bionic | * |
| Mediawiki | Ubuntu | focal | * |
| Mediawiki | Ubuntu | groovy | * |
| Mediawiki | Ubuntu | hirsute | * |
| Mediawiki | Ubuntu | impish | * |
| Mediawiki | Ubuntu | kinetic | * |
| Mediawiki | Ubuntu | lunar | * |
| Mediawiki | Ubuntu | mantic | * |
| Mediawiki | Ubuntu | oracular | * |
| Mediawiki | Ubuntu | trusty | * |
| Node-jquery | Ubuntu | bionic | * |
| Node-jquery | Ubuntu | cosmic | * |
| Node-jquery | Ubuntu | disco | * |
| Node-jquery | Ubuntu | esm-apps/bionic | * |
| Node-jquery | Ubuntu | esm-apps/xenial | * |
| Node-jquery | Ubuntu | trusty | * |
| Node-jquery | Ubuntu | xenial | * |
| Otrs2 | Ubuntu | bionic | * |
| Otrs2 | Ubuntu | groovy | * |
| Otrs2 | Ubuntu | hirsute | * |
| Otrs2 | Ubuntu | impish | * |
| Otrs2 | Ubuntu | trusty | * |
| Otrs2 | Ubuntu | xenial | * |