[Pkg-javascript-devel] Bug#927385: jquery: Prototype Pollution vulnerability

Salvatore Bonaccorso carnil at debian.org
Thu Apr 18 20:47:04 BST 2019


Source: jquery
Version: 3.3.1~dfsg-1
Severity: grave
Tags: patch security upstream fixed-upstream
Justification: user security hole
Control: found -1 3.1.1-2

Hi

A prototype pollution vulnerability (so far no CVE) has been fixed in
jQuery 3.4.0:

https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
Patches: https://github.com/DanielRuf/snyk-js-jquery-174006?files=1
https://snyk.io/vuln/SNYK-JS-JQUERY-174006

Regards,
Salvatore



More information about the Pkg-javascript-devel mailing list