jQuery - Prototype Pollution Vulnerability under 3.4.0

Impact area

Security

Severity

High

Affected element

ServiceNow: UI Script

Salesforce: Static Resource

Rule number

SN-JSL-010 (for ServiceNow)

SF-JSL-010 (for Salesforce)

Impact

jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) and is therefore subject to Object.prototype pollution: if an unsanitized source object contains an enumerable __proto__ property, the deep extend can write that property's contents into the native Object.prototype.
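
As an added example (not jQuery's own code), the snippet below is a minimal deep merge that behaves like the pre-3.4.0 jQuery.extend(true, ...) when it meets a `__proto__` key, beside a hardened version that skips that key; `demonstrate` feeds each one a constructed untrusted JSON document and reports whether Object.prototype was modified. The function names and the sample input are assumptions.

```javascript
// Added example, not jQuery's code: minimal deep merge reproducing the
// pre-3.4.0 jQuery.extend(true, ...) defect, beside a hardened version.
// Mirrors jQuery's notion of a "plain" object: {} literals and, notably,
// objects with a null prototype such as Object.prototype itself.
function isPlainObject(v) {
  if (v === null || typeof v !== "object" || Array.isArray(v)) return false;
  const proto = Object.getPrototypeOf(v);
  return proto === null || proto === Object.prototype;
}

// Vulnerable: for the key "__proto__", target[key] resolves to Object.prototype
// (which isPlainObject accepts), so the recursion merges straight into it.
function deepExtendUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      deepExtendUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: refuse the "__proto__" key (the check jQuery 3.4.0 added).
function deepExtendSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (key === "__proto__") continue;
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      deepExtendSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Merge constructed untrusted JSON (the shape of a request body or
// URL-derived config) and report whether Object.prototype was modified.
function demonstrate(extendFn) {
  const untrusted = JSON.parse('{"a": 1, "__proto__": {"polluted": "yes"}}');
  const result = extendFn({}, untrusted);
  const leaked = ({}).polluted; // undefined unless the global prototype changed
  delete Object.prototype.polluted; // reset so the next run starts clean
  return { a: result.a, leaked };
}
```

The hardened check covers only the `__proto__` key, which is what this jQuery defect needs; other deep-merge implementations have been polluted through `constructor.prototype`, so a general-purpose merge should refuse `constructor` and `prototype` keys as well.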

Remediation

Update jQuery to the latest version (3.4.0 or later).

Time to fix

30 min

Last modified on Aug 19, 2020