Bug 1701972 (CVE-2019-11358)

| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection | | |
| Product: | [Other] Security Response | Reporter: | msiddiqu |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | aboyko, ahenning, aileenc, alegrand, amasferr, anpicker, aos-bugs, apevec, ascheel, asoldano, bbaranow, bbuckingham, bcourt, bdettelb, bkearney, bmaxwell, bmcclain, bmontgom, bpeterse, brian.stansberry, btotty, cdewolf, cfeist, chazlett, cluster-maint, dajohnso, darran.lofthouse, dbecker, dblechte, dfediuck, dkreling, dmetzger, dosoudil, drieden, eedri, eparis, erooth, fche, fjuma, gblomqui, gmccullo, gshereme, gtanzill, hhorak, hhudgeon, idevat, ipa-maint, iweiss, janstey, jburrell, jfearn, jfrey, jhadvig, jhardy, jjoyce, jkurik, jochrist, jokerman, jorton, jprause, jschluet, jschorr, jshepherd, jsmith.fedora, jwon, kakkoyun, kbasil, kdixon, kmalyjur, krathod, kyoshida, lberk, lcosic, lewk, lgao, lhh, lpeer, maschmid, mburns, mgoldboi, mgoodwin, michal.skrivanek, mkudlej, mlisik, mloibl, mmccune, mosmerov, mpospisi, mrunge, msochure, msvehla, nathans, nobody, nodejs-sig, nstielau, nwallace, obarenbo, omachace, omular, patrickm, pcp-maint, pdrozd, peter.borsa, pjindal, pkrupa, pmackay, pskopek, puiterwijk, pvalena, pvoborni, python-maint, rbean, rchan, rcritten, rdopiera, rhcs-maint, Rhev-m-bugs, rhos-maint, rjerrido, roliveri, rstancel, sbonazzo, sclewis, security-response-team, sgratch, sguilhen, sherold, simaishi, sisharma, slavek.kabrda, slinaber, smaestri, sponnaga, sthorger, stickster, strzibny, surbania, tjochec, tlestach, tojeline, tomckay, tom.jenkinson, tscherf, twoerner, vbellur, vszocs, yturgema |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://issues.redhat.com/browse/ENTESB-11312, https://issues.redhat.com/browse/KEYCLOAK-10170, https://issues.redhat.com/browse/PROJQUAY-271, https://issues.redhat.com/browse/PROJQUAY-392 | | |
| Whiteboard: | | | |
| Fixed In Version: | jquery 3.4.0, drupal 7.66 | Doc Type: | If docs needed, set a value |
| Doc Text: | A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2019-08-28 13:07:13 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1701996, 1701997, 1701999, 1729326, 1701973, 1701974, 1701975, 1701976, 1701977, 1701978, 1701979, 1701980, 1701993, 1701994, 1701998, 1702000, 1702619, 1702620, 1713487, 1713488, 1713489, 1713490, 1713492, 1714269, 1714271, 1714272, 1714273, 1714274, 1714291, 1729318, 1729319, 1729320, 1729321, 1729322, 1729323, 1729324, 1729325, 1729327, 1734230, 1734231, 1734232, 1735483, 1735484, 1741045, 1753842, 1795930, 1812024, 1812025, 1824018, 1848744, 1849818, 1849819, 1849838, 2093232, 2093233 | | |
| Bug Blocks: | | | |
Description
msiddiqu
2019-04-22 15:20:04 UTC
Created js-jquery tracking bugs for this issue: Affects: fedora-all [bug 1701973]
Created js-jquery1 tracking bugs for this issue: Affects: fedora-all [bug 1701974]
Created js-jquery2 tracking bugs for this issue: Affects: fedora-all [bug 1701975]
Created python-XStatic-jQuery tracking bugs for this issue: Affects: fedora-all [bug 1701976]
Created python-XStatic-jquery-ui tracking bugs for this issue: Affects: fedora-all [bug 1701977]
Created python-tw2-jquery tracking bugs for this issue: Affects: fedora-all [bug 1701978]
Created rubygem-jquery-rails tracking bugs for this issue: Affects: fedora-all [bug 1701979]
Created rubygem-jquery-ui-rails tracking bugs for this issue: Affects: fedora-all [bug 1701980]
Created python-tw-jquery tracking bugs for this issue: Affects: epel-6 [bug 1701993]
Created python-tw2-jquery tracking bugs for this issue: Affects: epel-6 [bug 1701994]
Created js-jquery tracking bugs for this issue: Affects: epel-7 [bug 1701996]
Created js-jquery1 tracking bugs for this issue: Affects: epel-7 [bug 1701997]
Created python-XStatic-jquery-ui tracking bugs for this issue: Affects: epel-7 [bug 1701998]
Created python-XStatic-jQuery tracking bugs for this issue: Affects: epel-7 [bug 1701999]
Created python-tw2-jquery tracking bugs for this issue: Affects: epel-7 [bug 1702000]
Created drupal7 tracking bugs for this issue: Affects: epel-all [bug 1702620], Affects: fedora-all [bug 1702619]

Two different CVE assignments were noticed:
CVE-2019-11358: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927385
CVE-2019-5428: https://github.com/nodejs/security-wg/pull/507/commits/fd2867ae2c71687af968fd60d333acbacd24e6bb
I had filed the flaw bug with CVE-2019-11358; need confirmation from analysts about which one this is.

The jQuery library provides a jQuery.extend() function which merges the content from two or more objects into a target object. Prior to version 3.4.0, the extend() function does not properly validate the parameters sent to it; an attacker can leverage this weakness by using the __proto__ property on a well-formatted input to create or inject new object properties or functions, or to cause unexpected behavior in the target application.

This issue has been addressed in the following products: Red Hat Single Sign-On 7.3.2 zip. Via RHSA-2019:1456 https://access.redhat.com/errata/RHSA-2019:1456

Created python-XStatic-jQuery tracking bugs for this issue: Affects: openstack-rdo [bug 1729326]
Created python-XStatic-jquery-ui tracking bugs for this issue: Affects: openstack-rdo [bug 1729327]

This vulnerability was addressed in the Red Hat Virtualization 4.3 package ovirt-engine-api-explorer via https://access.redhat.com/errata/RHBA-2019:1570

Statement: Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11358

This issue has been addressed in the following products: CloudForms Management Engine 5.10. Via RHSA-2019:2587 https://access.redhat.com/errata/RHSA-2019:2587
This issue has been addressed in the following products: Red Hat Virtualization Engine 4.3. Via RHSA-2019:3023 https://access.redhat.com/errata/RHSA-2019:3023
This issue has been addressed in the following products: Red Hat Virtualization Engine 4.3. Via RHSA-2019:3024 https://access.redhat.com/errata/RHSA-2019:3024
This issue has been addressed in the following products: Red Hat OpenStack Platform 15.0 (Stein). Via RHSA-2020:1325 https://access.redhat.com/errata/RHSA-2020:1325
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.11. Via RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0402
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.5. Via RHSA-2020:2412 https://access.redhat.com/errata/RHSA-2020:2412
This issue has been addressed in the following products: Red Hat Enterprise Linux 7. Via RHSA-2020:3936 https://access.redhat.com/errata/RHSA-2020:3936
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.6. Via RHSA-2020:4298 https://access.redhat.com/errata/RHSA-2020:4298
This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2020:4670 https://access.redhat.com/errata/RHSA-2020:4670
This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2020:4847 https://access.redhat.com/errata/RHSA-2020:4847
This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens); Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS. Via RHSA-2020:5581 https://access.redhat.com/errata/RHSA-2020:5581
This issue has been addressed in the following products: Red Hat Enterprise Linux 7. Via RHSA-2022:7343 https://access.redhat.com/errata/RHSA-2022:7343
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8. Via RHSA-2023:0553 https://access.redhat.com/errata/RHSA-2023:0553
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7. Via RHSA-2023:0552 https://access.redhat.com/errata/RHSA-2023:0552
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9. Via RHSA-2023:0554 https://access.redhat.com/errata/RHSA-2023:0554
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform. Via RHSA-2023:0556 https://access.redhat.com/errata/RHSA-2023:0556
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 7. Via RHSA-2023:1043 https://access.redhat.com/errata/RHSA-2023:1043
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 8. Via RHSA-2023:1044 https://access.redhat.com/errata/RHSA-2023:1044
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 9. Via RHSA-2023:1045 https://access.redhat.com/errata/RHSA-2023:1045
This issue has been addressed in the following products: RHEL-8 based Middleware Containers. Via RHSA-2023:1047 https://access.redhat.com/errata/RHSA-2023:1047
This issue has been addressed in the following products: Red Hat Single Sign-On. Via RHSA-2023:1049 https://access.redhat.com/errata/RHSA-2023:1049
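The extend() weakness described in the comments above, as an added example that is not jQuery's own code: a minimal recursive merge written in the style of the pre-3.4.0 pattern, beside a hardened version, and a check that reports whether Object.prototype was touched. The merge functions, the FORBIDDEN_KEYS set and the JSON payload are constructed for this illustration; only the skipping of `__proto__` mirrors the jQuery 3.4.0 fix.

```javascript
// Added example (not jQuery's source); all inputs are constructed samples.
function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable pattern, in the style of jQuery.extend(true, ...) before 3.4.0:
// every enumerable key is walked, "__proto__" included. A plain {} target has
// no own "__proto__", so target["__proto__"] resolves through the inherited
// accessor to Object.prototype, which then receives the nested keys.
function mergeUnsafe(target, source) {
  for (const key in source) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      mergeUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened pattern: skip "__proto__" as jQuery 3.4.0 does. "constructor" and
// "prototype" are skipped too as defence in depth (this example's choice, not
// part of the jQuery fix), and a nested target is reused only when it is the
// target's own property, never one inherited from the prototype chain.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      mergeSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs a constructed payload (parsed from JSON, which is how an own "__proto__"
// key normally arrives) through a merge, reports whether Object.prototype
// picked up the injected property, and cleans up so nothing leaks afterwards.
function runMerge(merge) {
  const payload = JSON.parse('{"__proto__": {"polluted": "yes"}, "a": 1}');
  const target = merge({}, payload);
  const polluted = ({}).polluted === 'yes';
  delete Object.prototype.polluted;
  return { polluted, a: target.a };
}
```

Calling `runMerge(mergeUnsafe)` reports the pollution while `runMerge(mergeSafe)` does not, with the ordinary key `a` merged in both cases; the same `({}).polluted` probe is what a unit test can use to catch a regression in any deep-merge helper.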