"-Synchronized-Data."

This commit is contained in:
CVE Team 2019-04-20 00:00:41 +00:00
parent 898c18c7a6
commit c5ad4b55ec
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
2 changed files with 149 additions and 0 deletions

View File

@ -0,0 +1,87 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://backdropcms.org/security/backdrop-sa-core-2019-009",
"refsource": "MISC",
"name": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
},
{
"url": "https://www.drupal.org/sa-core-2019-006",
"refsource": "MISC",
"name": "https://www.drupal.org/sa-core-2019-006"
},
{
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"refsource": "MISC",
"name": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006",
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
},
{
"url": "https://github.com/jquery/jquery/pull/4333",
"refsource": "MISC",
"name": "https://github.com/jquery/jquery/pull/4333"
},
{
"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b",
"refsource": "MISC",
"name": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
}
]
}
}

View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/mkucej/i-librarian/issues/138",
"refsource": "MISC",
"name": "https://github.com/mkucej/i-librarian/issues/138"
}
]
}
}