CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Prototype Pollution
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
jqueryjquery
𝑥
< 3.4.0
debiandebian_linux
8.0
debiandebian_linux
9.0
debiandebian_linux
10.0
drupaldrupal
7.0 ≤
𝑥
< 7.66
drupaldrupal
8.5.0 ≤
𝑥
< 8.5.15
drupaldrupal
8.6.0 ≤
𝑥
< 8.6.15
backdropcmsbackdrop
1.11.0 ≤
𝑥
< 1.11.9
backdropcmsbackdrop
1.12.0 ≤
𝑥
< 1.12.6
opensusebackports_sle
15.0:sp1
opensuseleap
15.1
netapponcommand_system_manager
3.0 ≤
𝑥
≤ 3.1.3
netappsnapcenter
-
redhatcloudforms
4.7
redhatvirtualization_manager
4.3
oracleagile_product_lifecycle_management_for_process
6.1
oracleagile_product_lifecycle_management_for_process
6.2.0.0
oracleagile_product_lifecycle_management_for_process
6.2.1.0
oracleagile_product_lifecycle_management_for_process
6.2.2.0
oracleagile_product_lifecycle_management_for_process
6.2.3.0
oracleapplication_express
𝑥
< 19.1
oracleapplication_service_level_management
13.2.0.0
oracleapplication_service_level_management
13.3.0.0
oracleapplication_testing_suite
12.5.0.3
oracleapplication_testing_suite
13.1.0.1
oracleapplication_testing_suite
13.2
oracleapplication_testing_suite
13.2.0.1
oracleapplication_testing_suite
13.3
oracleapplication_testing_suite
13.3.0.1
oraclebanking_digital_experience
18.1
oraclebanking_digital_experience
18.2
oraclebanking_digital_experience
18.3
oraclebanking_digital_experience
19.1
oraclebanking_digital_experience
19.2
oraclebanking_digital_experience
20.1
oraclebanking_enterprise_collections
2.7.0 ≤
𝑥
≤ 2.8.0
oraclebanking_platform
2.4.0 ≤
𝑥
≤ 2.10.0
oraclebi_publisher
5.5.0.0.0
oraclebi_publisher
12.2.1.3.0
oraclebi_publisher
12.2.1.4.0
oraclebig_data_discovery
1.6
oraclebusiness_process_management_suite
12.2.1.3.0
oraclebusiness_process_management_suite
12.2.1.4.0
oraclecommunications_analytics
12.1.1
oraclecommunications_application_session_controller
3.8m0:m0
oraclecommunications_billing_and_revenue_management
7.5
oraclecommunications_billing_and_revenue_management
7.5.0.23.0
oraclecommunications_billing_and_revenue_management
12.0
oraclecommunications_billing_and_revenue_management
12.0.0.3.0
oraclecommunications_diameter_signaling_router
8.0.0
oraclecommunications_diameter_signaling_router
8.1
oraclecommunications_diameter_signaling_router
8.2
oraclecommunications_diameter_signaling_router
8.2.1
oraclecommunications_eagle_application_processor
16.1.0 ≤
𝑥
≤ 16.4.0
oraclecommunications_element_manager
8.1.1
oraclecommunications_element_manager
8.2.0
oraclecommunications_element_manager
8.2.1
oraclecommunications_interactive_session_recorder
6.0 ≤
𝑥
≤ 6.4
oraclecommunications_operations_monitor
4.1 ≤
𝑥
≤ 4.3
oraclecommunications_operations_monitor
3.4
oraclecommunications_operations_monitor
4.0
oraclecommunications_operations_monitor
4.1.0
oraclecommunications_services_gatekeeper
7.0
oraclecommunications_session_report_manager
8.1.1
oraclecommunications_session_report_manager
8.2.0
oraclecommunications_session_report_manager
8.2.1
oraclecommunications_session_route_manager
8.1.1
oraclecommunications_session_route_manager
8.2.0
oraclecommunications_session_route_manager
8.2.1
oraclecommunications_unified_inventory_management
7.3
oraclecommunications_unified_inventory_management
7.4.0
oraclecommunications_webrtc_session_controller
7.2
oraclediagnostic_assistant
2.12.36
oracleenterprise_manager_ops_center
12.3.3
oracleenterprise_manager_ops_center
12.4.0
oracleenterprise_manager_ops_center
12.4.0.0
oracleenterprise_session_border_controller
8.4
oraclefinancial_services_analytical_applications_infrastructure
7.3.3 ≤
𝑥
≤ 7.3.5
oraclefinancial_services_analytical_applications_infrastructure
8.0.2 ≤
𝑥
≤ 8.1.0
oraclefinancial_services_analytical_applications_reconciliation_framework
8.0.4 ≤
𝑥
≤ 8.0.7
oraclefinancial_services_analytical_applications_reconciliation_framework
8.1.0
oraclefinancial_services_asset_liability_management
8.0.4 ≤
𝑥
≤ 8.0.7
oraclefinancial_services_asset_liability_management
8.1.0
oraclefinancial_services_balance_sheet_planning
8.0.8
oraclefinancial_services_basel_regulatory_capital_basic
8.0.4 ≤
𝑥
≤ 8.0.7
oraclefinancial_services_basel_regulatory_capital_basic
8.1.0
oraclefinancial_services_basel_regulatory_capital_internal_ratings_based_approach
8.0.4 ≤
𝑥
≤ 8.0.7
oraclefinancial_services_basel_regulatory_capital_internal_ratings_based_approach
8.1.0
oraclefinancial_services_data_foundation
8.0.4 ≤
𝑥
≤ 8.0.8
oraclefinancial_services_data_governance_for_us_regulatory_reporting
8.0.6 ≤
𝑥
≤ 8.0.9
oraclefinancial_services_data_integration_hub
8.0.5 ≤
𝑥
≤ 8.0.7
oraclefinancial_services_data_integration_hub
8.1.0
oraclefinancial_services_enterprise_financial_performance_analytics
8.0.6
oraclefinancial_services_enterprise_financial_performance_analytics
8.0.7
oraclefinancial_services_funds_transfer_pricing
8.0.4 ≤
𝑥
≤ 8.0.7
oraclefinancial_services_funds_transfer_pricing
8.1.0
oraclefinancial_services_hedge_management_and_ifrs_valuations
8.0.4 ≤
𝑥
≤ 8.0.7
oraclefinancial_services_hedge_management_and_ifrs_valuations
8.1.0
oraclefinancial_services_institutional_performance_analytics
8.0.4 ≤
𝑥
≤ 8.0.7
oraclefinancial_services_institutional_performance_analytics
8.1.0
oraclefinancial_services_liquidity_risk_management
8.0.0.1.0
oraclefinancial_services_liquidity_risk_management
8.0.2
oraclefinancial_services_liquidity_risk_management
8.0.4.0.0
oraclefinancial_services_liquidity_risk_management
8.0.5.0.0
oraclefinancial_services_liquidity_risk_management
8.0.6
oraclefinancial_services_liquidity_risk_measurement_and_management
8.0.7
oraclefinancial_services_liquidity_risk_measurement_and_management
8.0.8
oraclefinancial_services_liquidity_risk_measurement_and_management
8.1.0
oraclefinancial_services_loan_loss_forecasting_and_provisioning
8.0.2 ≤
𝑥
≤ 8.0.7
oraclefinancial_services_loan_loss_forecasting_and_provisioning
8.1.0
oraclefinancial_services_market_risk_measurement_and_management
8.0.5
oraclefinancial_services_market_risk_measurement_and_management
8.0.6
oraclefinancial_services_market_risk_measurement_and_management
8.0.8
oraclefinancial_services_price_creation_and_discovery
8.0.4 ≤
𝑥
≤ 8.0.7
oraclefinancial_services_profitability_management
8.0.4 ≤
𝑥
≤ 8.0.7
oraclefinancial_services_profitability_management
8.1.0
oraclefinancial_services_regulatory_reporting_for_de_nederlandsche_bank
8.0.4
oraclefinancial_services_regulatory_reporting_for_european_banking_authority
8.0.6
oraclefinancial_services_regulatory_reporting_for_european_banking_authority
8.0.7
oraclefinancial_services_regulatory_reporting_for_us_federal_reserve
8.0.4 ≤
𝑥
≤ 8.0.7
oraclefinancial_services_retail_customer_analytics
8.0.4 ≤
𝑥
≤ 8.0.6
oraclefinancial_services_retail_performance_analytics
8.0.6
oraclefinancial_services_retail_performance_analytics
8.0.7
oraclefinancial_services_revenue_management_and_billing
2.4.0.0
oraclefinancial_services_revenue_management_and_billing
2.4.0.1
oraclefusion_middleware_mapviewer
12.2.1.3.0
oraclehealthcare_foundation
7.1.1
oraclehealthcare_foundation
7.2.0
oraclehealthcare_foundation
7.2.2
oraclehealthcare_foundation
7.3.0
oraclehealthcare_translational_research
3.1.0
oraclehealthcare_translational_research
3.2.1
oraclehealthcare_translational_research
3.3.1
oraclehealthcare_translational_research
3.3.2
oraclehealthcare_translational_research
3.4.0
oraclehospitality_guest_access
4.2.0
oraclehospitality_guest_access
4.2.1
oraclehospitality_materials_control
18.1
oraclehospitality_simphony
19.1.0 ≤
𝑥
≤ 19.1.2
oraclehospitality_simphony
18.1
oraclehospitality_simphony
18.2
oracleidentity_manager
12.2.1.3.0
oracleinsurance_accounting_analyzer
8.0.9
oracleinsurance_allocation_manager_for_enterprise_profitability
8.0.8
oracleinsurance_allocation_manager_for_enterprise_profitability
8.1.0
oracleinsurance_data_foundation
8.0.4 ≤
𝑥
≤ 8.0.7
oracleinsurance_ifrs_17_analyzer
8.0.6
oracleinsurance_ifrs_17_analyzer
8.0.7
oracleinsurance_insbridge_rating_and_underwriting
5.0.0.0 ≤
𝑥
≤ 5.6.0.0
oracleinsurance_insbridge_rating_and_underwriting
5.6.1.0
oracleinsurance_performance_insight
8.0.7
oraclejd_edwards_enterpriseone_tools
9.2
oraclejdeveloper
11.1.1.9.0
oraclejdeveloper
12.2.1.3.0
oraclejdeveloper
12.2.1.4.0
oraclejdeveloper_and_adf
11.1.1.9.0
oraclejdeveloper_and_adf
12.1.3.0.0
oraclejdeveloper_and_adf
12.2.1.3.0
oracleknowledge
8.6.0 ≤
𝑥
≤ 8.6.3
oraclepeoplesoft_enterprise_peopletools
8.55
oraclepeoplesoft_enterprise_peopletools
8.56
oraclepeoplesoft_enterprise_peopletools
8.57
oraclepeoplesoft_enterprise_peopletools
8.58
oraclepolicy_automation
12.2.0 ≤
𝑥
≤ 12.2.15
oraclepolicy_automation
10.4.7
oraclepolicy_automation
12.1.0
oraclepolicy_automation
12.1.1
oraclepolicy_automation_connector_for_siebel
10.4.6
oraclepolicy_automation_for_mobile_devices
12.2.0 ≤
𝑥
≤ 12.2.15
oracleprimavera_gateway
16.2.0 ≤
𝑥
≤ 16.2.11
oracleprimavera_gateway
17.12.0 ≤
𝑥
≤ 17.12.7
oracleprimavera_gateway
18.8.0 ≤
𝑥
≤ 18.8.9
oracleprimavera_gateway
19.12.0 ≤
𝑥
≤ 19.12.4
oracleprimavera_gateway
15.2.18
oracleprimavera_unifier
17.7 ≤
𝑥
≤ 17.12
oracleprimavera_unifier
16.1
oracleprimavera_unifier
16.2
oracleprimavera_unifier
18.8
oraclereal-time_scheduler
2.3.0.1 ≤
𝑥
≤ 2.3.0.3
oraclerest_data_services
11.2.0.4
oraclerest_data_services
12.1.0.2
oraclerest_data_services
12.2.0.1
oracleretail_back_office
14.0
oracleretail_back_office
14.1
oracleretail_central_office
14.0
oracleretail_central_office
14.1
oracleretail_customer_insights
15.0
oracleretail_customer_insights
16.0
oracleretail_customer_management_and_segmentation_foundation
18.0
oracleretail_customer_management_and_segmentation_foundation
19.0
oracleretail_point-of-service
14.0
oracleretail_point-of-service
14.1
oracleretail_returns_management
14.0
oracleretail_returns_management
14.1
oracleservice_bus
11.1.1.9.0
oracleservice_bus
12.1.3.0.0
oracleservice_bus
12.2.1.3.0
oraclesiebel_mobile_applications
𝑥
≤ 19.8
oraclesiebel_ui_framework
20.8
oraclestoragetek_tape_analytics_sw_tool
2.3.0
oraclesystem_utilities
19.1
oracletape_library_acsls
8.5
oracletape_library_acsls
8.5.1
oracletransportation_management
1.4.3
oracleutilities_mobile_workforce_management
2.3.0.1 ≤
𝑥
≤ 2.3.0.3
oraclewebcenter_sites
12.2.1.3.0
oracleweblogic_server
10.3.6.0.0
oracleweblogic_server
12.1.3.0.0
oracleweblogic_server
12.2.1.3.0
oracleweblogic_server
12.2.1.4.0
oracleweblogic_server
14.1.1.0.0
joomlajoomla\!
3.0.0 ≤
𝑥
≤ 3.9.4
juniperjunos
21.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mediawiki
bullseye
1:1.35.13-1+deb11u2
fixed
stretch
ignored
bullseye (security)
1:1.35.13-1+deb11u3
fixed
bookworm
1:1.39.7-1~deb12u1
fixed
bookworm (security)
1:1.39.10-1~deb12u1
fixed
sid
1:1.39.10-1
fixed
trixie
1:1.39.10-1
fixed
node-jquery
bullseye
3.5.1+dfsg+~3.5.5-7
fixed
stretch
ignored
sid
3.6.1+dfsg+~3.5.14-1
fixed
trixie
3.6.1+dfsg+~3.5.14-1
fixed
bookworm
3.6.1+dfsg+~3.5.14-1
fixed
otrs2
bullseye/non-free
6.0.32-6
fixed
stretch
ignored
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
drupal7
noble
dne
mantic
dne
lunar
dne
kinetic
dne
jammy
dne
impish
dne
hirsute
dne
groovy
dne
focal
dne
eoan
dne
disco
dne
cosmic
dne
bionic
dne
xenial
needs-triage
trusty
needs-triage
jquery
noble
dne
mantic
dne
lunar
dne
kinetic
dne
jammy
dne
impish
dne
hirsute
dne
groovy
dne
focal
not-affected
eoan
not-affected
disco
ignored
cosmic
ignored
bionic
needed
xenial
needed
trusty
needed
mediawiki
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
impish
ignored
hirsute
ignored
groovy
ignored
focal
needs-triage
bionic
needs-triage
xenial
dne
trusty
dne
node-jquery
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
ignored
cosmic
ignored
bionic
needed
xenial
needed
trusty
dne
otrs2
noble
dne
mantic
dne
lunar
dne
kinetic
dne
jammy
needs-triage
impish
ignored
hirsute
ignored
groovy
ignored
focal
not-affected
bionic
needs-triage
xenial
needs-triage
trusty
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
http://seclists.org/fulldisclosure/2019/May/10
http://seclists.org/fulldisclosure/2019/May/11
http://seclists.org/fulldisclosure/2019/May/13
http://www.openwall.com/lists/oss-security/2019/06/03/2
http://www.securityfocus.com/bid/108023
https://access.redhat.com/errata/RHBA-2019:1570
https://access.redhat.com/errata/RHSA-2019:1456
https://access.redhat.com/errata/RHSA-2019:2587
https://access.redhat.com/errata/RHSA-2019:3023
https://access.redhat.com/errata/RHSA-2019:3024
https://backdropcms.org/security/backdrop-sa-core-2019-009
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
https://github.com/jquery/jquery/pull/4333
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E
https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E
https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/
https://seclists.org/bugtraq/2019/Apr/32
https://seclists.org/bugtraq/2019/Jun/12
https://seclists.org/bugtraq/2019/May/18
https://security.netapp.com/advisory/ntap-20190919-0001/
https://snyk.io/vuln/SNYK-JS-JQUERY-174006
https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1
https://www.debian.org/security/2019/dsa-4434
https://www.debian.org/security/2019/dsa-4460
https://www.drupal.org/sa-core-2019-006
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/
https://www.synology.com/security/advisory/Synology_SA_19_19
https://www.tenable.com/security/tns-2019-08
https://www.tenable.com/security/tns-2020-02
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
http://seclists.org/fulldisclosure/2019/May/10
http://seclists.org/fulldisclosure/2019/May/11
http://seclists.org/fulldisclosure/2019/May/13
http://www.openwall.com/lists/oss-security/2019/06/03/2
http://www.securityfocus.com/bid/108023
https://access.redhat.com/errata/RHBA-2019:1570
https://access.redhat.com/errata/RHSA-2019:1456
https://access.redhat.com/errata/RHSA-2019:2587
https://access.redhat.com/errata/RHSA-2019:3023
https://access.redhat.com/errata/RHSA-2019:3024
https://backdropcms.org/security/backdrop-sa-core-2019-009
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
https://github.com/jquery/jquery/pull/4333
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E
https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E
https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/
https://seclists.org/bugtraq/2019/Apr/32
https://seclists.org/bugtraq/2019/Jun/12
https://seclists.org/bugtraq/2019/May/18
https://security.netapp.com/advisory/ntap-20190919-0001/
https://snyk.io/vuln/SNYK-JS-JQUERY-174006
https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1
https://www.debian.org/security/2019/dsa-4434
https://www.debian.org/security/2019/dsa-4460
https://www.drupal.org/sa-core-2019-006
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/
https://www.synology.com/security/advisory/Synology_SA_19_19
https://www.tenable.com/security/tns-2019-08
https://www.tenable.com/security/tns-2020-02