jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Weakness
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jquery | Jquery | * | 3.4.0 (excluding) |
| CloudForms Management Engine 5.10 | RedHat | ansible-tower-0:3.5.2-1.el7at | * |
| CloudForms Management Engine 5.10 | RedHat | cfme-0:5.10.9.1-1.el7cf | * |
| CloudForms Management Engine 5.10 | RedHat | cfme-amazon-smartstate-0:5.10.9.1-1.el7cf | * |
| CloudForms Management Engine 5.10 | RedHat | cfme-appliance-0:5.10.9.1-1.el7cf | * |
| CloudForms Management Engine 5.10 | RedHat | cfme-gemset-0:5.10.9.1-1.el7cf | * |
| CloudForms Management Engine 5.10 | RedHat | ovirt-ansible-hosted-engine-setup-0:1.0.23-1.el7ev | * |
| CloudForms Management Engine 5.10 | RedHat | ovirt-ansible-roles-0:1.1.7-1.el7ev | * |
| CloudForms Management Engine 5.10 | RedHat | ovirt-ansible-vm-infra-0:1.1.19-1.el7ev | * |
| CloudForms Management Engine 5.10 | RedHat | v2v-conversion-host-0:1.14.2-1.el7ev | * |
| Red Hat Enterprise Linux 7 | RedHat | ipa-0:4.6.8-5.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | pcs-0:0.9.169-3.el7_9.3 | * |
| Red Hat Enterprise Linux 8 | RedHat | idm:client-8030020200923172426.05ac3f11 | * |
| Red Hat Enterprise Linux 8 | RedHat | idm:DL1-8030020200923172343.9c827e52 | * |
| Red Hat Enterprise Linux 8 | RedHat | pki-core:10.6-8030020200911215836.5ff1562f | * |
| Red Hat Enterprise Linux 8 | RedHat | pki-deps:10.6-8030020200527165326.30b713e6 | * |
| Red Hat Enterprise Linux 8 | RedHat | pcs-0:0.10.10-4.el8 | * |
| Red Hat JBoss Enterprise Application Platform 7 | RedHat | jquery | * |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | RedHat | eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap | * |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | RedHat | eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap | * |
| Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | RedHat | eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-enterprise-service-catalog-1:3.11.170-1.git.1.91db82e.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-0:3.11.170-1.git.0.00cac56.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-cluster-autoscaler-0:3.11.170-1.git.1.0a0df6a.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-descheduler-0:3.11.170-1.git.1.9ad83f2.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-dockerregistry-0:3.11.170-1.git.1.55fab05.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-metrics-server-0:3.11.170-1.git.1.357f177.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-node-problem-detector-0:3.11.170-1.git.1.b1f90a6.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-service-idler-0:3.11.170-1.git.1.8328979.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-web-console-0:3.11.170-1.git.1.3d64e8b.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | cri-o-0:1.11.16-0.5.dev.rhaos3.11.git3f89eba.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-openshift-oauth-proxy-0:3.11.170-1.git.1.b49be83.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-prometheus-alertmanager-0:3.11.170-1.git.1.61d7960.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-prometheus-node_exporter-0:3.11.170-1.git.1.51473b7.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | golang-github-prometheus-prometheus-0:3.11.170-1.git.1.227bc98.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | jenkins-0:2.204.2.1580891656-1.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | jenkins-2-plugins-0:3.11.1579107288-1.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-ansible-0:3.11.170-2.git.5.8802564.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-enterprise-autoheal-0:3.11.170-1.git.1.dfe6c52.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-enterprise-cluster-capacity-0:3.11.170-1.git.1.661684b.el7 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-kuryr-0:3.11.170-1.git.1.7265da1.el7 | * |
| Red Hat OpenShift Container Platform 4.5 | RedHat | openshift4/ose-console:v4.5.0-202007012112.p0 | * |
| Red Hat OpenShift Container Platform 4.6 | RedHat | openshift4/ose-prometheus:v4.6.0-202009290409.p0 | * |
| Red Hat OpenStack Platform 13.0 (Queens) | RedHat | python-XStatic-jQuery-0:2.2.4.1-3.el7ost | * |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | RedHat | python-XStatic-jQuery-0:2.2.4.1-3.el7ost | * |
| Red Hat OpenStack Platform 15.0 (Stein) | RedHat | python-XStatic-jQuery-0:3.4.1.0-1.el8ost | * |
| Red Hat Single Sign-On 7 | RedHat | keycloak-idp-jquery | * |
| Red Hat Single Sign-On 7.3.2 zip | RedHat | * | |
| Red Hat Single Sign-On 7.6 for RHEL 7 | RedHat | rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso | * |
| Red Hat Single Sign-On 7.6 for RHEL 8 | RedHat | rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso | * |
| Red Hat Single Sign-On 7.6 for RHEL 9 | RedHat | rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso | * |
| Red Hat Virtualization Engine 4.3 | RedHat | ovirt-engine-api-explorer-0:0.0.5-1.el7ev | * |
| Red Hat Virtualization Engine 4.3 | RedHat | ovirt-engine-ui-extensions-0:1.0.10-1.el7ev | * |
| Red Hat Virtualization Engine 4.3 | RedHat | ovirt-web-ui-0:1.6.0-1.el7ev | * |
| RHEL-8 based Middleware Containers | RedHat | rh-sso-7/sso76-openshift-rhel8:7.6-20 | * |
| Drupal7 | Ubuntu | trusty | * |
| Drupal7 | Ubuntu | trusty/esm | * |
| Drupal7 | Ubuntu | xenial | * |
| Jquery | Ubuntu | bionic | * |
| Jquery | Ubuntu | cosmic | * |
| Jquery | Ubuntu | disco | * |
| Jquery | Ubuntu | esm-infra-legacy/trusty | * |
| Jquery | Ubuntu | esm-infra/bionic | * |
| Jquery | Ubuntu | esm-infra/xenial | * |
| Jquery | Ubuntu | precise/esm | * |
| Jquery | Ubuntu | trusty | * |
| Jquery | Ubuntu | trusty/esm | * |
| Jquery | Ubuntu | upstream | * |
| Jquery | Ubuntu | xenial | * |
| Mediawiki | Ubuntu | bionic | * |
| Mediawiki | Ubuntu | focal | * |
| Mediawiki | Ubuntu | groovy | * |
| Mediawiki | Ubuntu | hirsute | * |
| Mediawiki | Ubuntu | impish | * |
| Mediawiki | Ubuntu | kinetic | * |
| Mediawiki | Ubuntu | lunar | * |
| Mediawiki | Ubuntu | mantic | * |
| Mediawiki | Ubuntu | oracular | * |
| Mediawiki | Ubuntu | plucky | * |
| Mediawiki | Ubuntu | trusty | * |
| Node-jquery | Ubuntu | bionic | * |
| Node-jquery | Ubuntu | cosmic | * |
| Node-jquery | Ubuntu | disco | * |
| Node-jquery | Ubuntu | esm-apps/bionic | * |
| Node-jquery | Ubuntu | esm-apps/xenial | * |
| Node-jquery | Ubuntu | trusty | * |
| Node-jquery | Ubuntu | xenial | * |
| Otrs2 | Ubuntu | bionic | * |
| Otrs2 | Ubuntu | groovy | * |
| Otrs2 | Ubuntu | hirsute | * |
| Otrs2 | Ubuntu | impish | * |
| Otrs2 | Ubuntu | trusty | * |
| Otrs2 | Ubuntu | xenial | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/1.html
- https://cwe.mitre.org/data/definitions/180.html
- https://cwe.mitre.org/data/definitions/77.html
References
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
- http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
- http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
- http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
- http://seclists.org/fulldisclosure/2019/May/10
- http://seclists.org/fulldisclosure/2019/May/11
- http://seclists.org/fulldisclosure/2019/May/13
- http://www.openwall.com/lists/oss-security/2019/06/03/2
- http://www.securityfocus.com/bid/108023
- https://access.redhat.com/errata/RHBA-2019:1570
- https://access.redhat.com/errata/RHSA-2019:1456
- https://access.redhat.com/errata/RHSA-2019:2587
- https://access.redhat.com/errata/RHSA-2019:3023
- https://access.redhat.com/errata/RHSA-2019:3024
- https://backdropcms.org/security/backdrop-sa-core-2019-009
- https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
- https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
- https://github.com/jquery/jquery/pull/4333
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
- https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
- https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
- https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E
- https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E
- https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E
- https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
- https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/
- https://seclists.org/bugtraq/2019/Apr/32
- https://seclists.org/bugtraq/2019/Jun/12
- https://seclists.org/bugtraq/2019/May/18
- https://security.netapp.com/advisory/ntap-20190919-0001/
- https://snyk.io/vuln/SNYK-JS-JQUERY-174006
- https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1
- https://www.debian.org/security/2019/dsa-4434
- https://www.debian.org/security/2019/dsa-4460
- https://www.drupal.org/sa-core-2019-006
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/
- https://www.synology.com/security/advisory/Synology_SA_19_19
- https://www.tenable.com/security/tns-2019-08
- https://www.tenable.com/security/tns-2020-02
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
- http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
- http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
- http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
- http://seclists.org/fulldisclosure/2019/May/10
- http://seclists.org/fulldisclosure/2019/May/11
- http://seclists.org/fulldisclosure/2019/May/13
- http://www.openwall.com/lists/oss-security/2019/06/03/2
- http://www.securityfocus.com/bid/108023
- https://access.redhat.com/errata/RHBA-2019:1570
- https://access.redhat.com/errata/RHSA-2019:1456
- https://access.redhat.com/errata/RHSA-2019:2587
- https://access.redhat.com/errata/RHSA-2019:3023
- https://access.redhat.com/errata/RHSA-2019:3024
- https://backdropcms.org/security/backdrop-sa-core-2019-009
- https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
- https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
- https://github.com/jquery/jquery/pull/4333
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
- https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E
- https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
- https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
- https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E
- https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E
- https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E
- https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
- https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html
- https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/
- https://seclists.org/bugtraq/2019/Apr/32
- https://seclists.org/bugtraq/2019/Jun/12
- https://seclists.org/bugtraq/2019/May/18
- https://security.netapp.com/advisory/ntap-20190919-0001/
- https://snyk.io/vuln/SNYK-JS-JQUERY-174006
- https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1
- https://www.debian.org/security/2019/dsa-4434
- https://www.debian.org/security/2019/dsa-4460
- https://www.drupal.org/sa-core-2019-006
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/
- https://www.synology.com/security/advisory/Synology_SA_19_19
- https://www.tenable.com/security/tns-2019-08
- https://www.tenable.com/security/tns-2020-02