misleading article
Closed this issue · 0 comments
DanielRuf commented
https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/
What I find interesting is the fact that no patch has been made available for older versions
This is not completely true.
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
Minor vulnerability fix: Object.prototype pollution
jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extend(true, {}, ...). If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. This fix is included in jQuery 3.4.0, but patch diffs exist to patch previous jQuery versions.
https://github.com/DanielRuf/snyk-js-jquery-174006/
https://github.com/DanielRuf/snyk-js-jquery-174006/commits/master
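
The behaviour described in the quoted release notes, shown as an added example that is not part of the original comment and is not jQuery's code. `deepExtend` and `demo` are hypothetical names for a simplified recursive merge, run once without and once with a check that skips the `__proto__` key; the input is constructed.

```javascript
// Simplified recursive merge standing in for jQuery.extend(true, target, source).
// Not jQuery's source. skipProto enables a guard that ignores the "__proto__"
// key (the mitigation assumed by this example).
function deepExtend(target, source, skipProto) {
  for (const name in source) {
    // Hardened form: never copy the __proto__ key from the source object.
    if (skipProto && name === "__proto__") continue;
    const copy = source[name];
    if (copy === target) continue; // avoid a self-referencing loop
    if (copy && typeof copy === "object" && !Array.isArray(copy)) {
      // Without the guard, target["__proto__"] resolves to Object.prototype,
      // so the recursion writes the source's keys onto the shared prototype.
      const src = target[name];
      const clone = src && typeof src === "object" ? src : {};
      target[name] = deepExtend(clone, copy, skipProto);
    } else if (copy !== undefined) {
      target[name] = copy;
    }
  }
  return target;
}

function demo(skipProto) {
  // Constructed input: JSON.parse creates an own, enumerable "__proto__" key,
  // which is the "unsanitized source object" case from the release notes.
  const untrusted = JSON.parse('{"__proto__": {"polluted": true}, "theme": "dark"}');
  const merged = deepExtend({}, untrusted, skipProto);
  // Check whether a fresh, unrelated object now inherits the injected key.
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted; // restore the prototype for the next run
  return { theme: merged.theme, leaked: leaked };
}

console.log("unguarded merge:", demo(false));
console.log("guarded merge:  ", demo(true));
```
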