Bug 1701972 (CVE-2019-11358)
| Summary: | CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | msiddiqu |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aboyko, ahenning, aileenc, alegrand, amasferr, anpicker, aos-bugs, apevec, ascheel, asoldano, bbaranow, bbuckingham, bcourt, bdettelb, bkearney, bmaxwell, bmcclain, bmontgom, bpeterse, brian.stansberry, btotty, cdewolf, cfeist, chazlett, cluster-maint, dajohnso, darran.lofthouse, dbecker, dblechte, dfediuck, dkreling, dmetzger, dosoudil, drieden, eedri, eparis, erooth, fche, fjuma, gblomqui, gmccullo, gshereme, gtanzill, hhorak, hhudgeon, idevat, ipa-maint, iweiss, janstey, jburrell, jfearn, jfrey, jhadvig, jhardy, jjoyce, jkurik, jochrist, jokerman, jorton, jprause, jschluet, jschorr, jshepherd, jsmith.fedora, jwon, kakkoyun, kbasil, kdixon, kmalyjur, krathod, kyoshida, lberk, lcosic, lewk, lgao, lhh, lpeer, maschmid, mburns, mgoldboi, mgoodwin, michal.skrivanek, mkudlej, mlisik, mloibl, mmccune, mosmerov, mpospisi, mrunge, msochure, msvehla, nathans, nobody, nodejs-sig, nstielau, nwallace, obarenbo, omachace, omular, patrickm, pcp-maint, pdrozd, peter.borsa, pjindal, pkrupa, pmackay, pskopek, puiterwijk, pvalena, pvoborni, python-maint, rbean, rchan, rcritten, rdopiera, rhcs-maint, Rhev-m-bugs, rhos-maint, rjerrido, roliveri, rstancel, sbonazzo, sclewis, security-response-team, sgratch, sguilhen, sherold, simaishi, sisharma, slavek.kabrda, slinaber, smaestri, sponnaga, sthorger, stickster, strzibny, surbania, tjochec, tlestach, tojeline, tomckay, tom.jenkinson, tscherf, twoerner, vbellur, vszocs, yturgema |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: |
https://issues.redhat.com/browse/ENTESB-11312 https://issues.redhat.com/browse/KEYCLOAK-10170 https://issues.redhat.com/browse/PROJQUAY-271 https://issues.redhat.com/browse/PROJQUAY-392 |
||
| Whiteboard: | |||
| Fixed In Version: | jquery 3.4.0, drupal 7.66 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-08-28 13:07:13 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1701996, 1701997, 1701999, 1729326, 1701973, 1701974, 1701975, 1701976, 1701977, 1701978, 1701979, 1701980, 1701993, 1701994, 1701998, 1702000, 1702619, 1702620, 1713487, 1713488, 1713489, 1713490, 1713492, 1714269, 1714271, 1714272, 1714273, 1714274, 1714291, 1729318, 1729319, 1729320, 1729321, 1729322, 1729323, 1729324, 1729325, 1729327, 1734230, 1734231, 1734232, 1735483, 1735484, 1741045, 1753842, 1795930, 1812024, 1812025, 1824018, 1848744, 1849818, 1849819, 1849838, 2093232, 2093233 | ||
| Bug Blocks: | 1702639, 2014197 | ||
|
Description
msiddiqu
2019-04-22 15:20:04 UTC
Created js-jquery tracking bugs for this issue: Affects: fedora-all [bug 1701973] Created js-jquery1 tracking bugs for this issue: Affects: fedora-all [bug 1701974] Created js-jquery2 tracking bugs for this issue: Affects: fedora-all [bug 1701975] Created python-XStatic-jQuery tracking bugs for this issue: Affects: fedora-all [bug 1701976] Created python-XStatic-jquery-ui tracking bugs for this issue: Affects: fedora-all [bug 1701977] Created python-tw2-jquery tracking bugs for this issue: Affects: fedora-all [bug 1701978] Created rubygem-jquery-rails tracking bugs for this issue: Affects: fedora-all [bug 1701979] Created rubygem-jquery-ui-rails tracking bugs for this issue: Affects: fedora-all [bug 1701980] Created python-tw-jquery tracking bugs for this issue: Affects: epel-6 [bug 1701993] Created python-tw2-jquery tracking bugs for this issue: Affects: epel-6 [bug 1701994] Created js-jquery tracking bugs for this issue: Affects: epel-7 [bug 1701996] Created js-jquery1 tracking bugs for this issue: Affects: epel-7 [bug 1701997] Created python-XStatic-jquery-ui tracking bugs for this issue: Affects: epel-7 [bug 1701998] Created python-XStatic-jQuery tracking bugs for this issue: Affects: epel-7 [bug 1701999] Created python-tw2-jquery tracking bugs for this issue: Affects: epel-7 [bug 1702000] Created drupal7 tracking bugs for this issue: Affects: epel-all [bug 1702620] Affects: fedora-all [bug 1702619] Two different CVE's assignments noticed: CVE-2019-11358: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927385 CVE-2019-5428: https://github.com/nodejs/security-wg/pull/507/commits/fd2867ae2c71687af968fd60d333acbacd24e6bb I had filed the flaw bug with CVE-2019-11358, Need confirmation from analysts about which one this is. jQuery library provides a jQuery.extend() function which merge the content from two or more objects into a target object. Prior version 3.4.0 the extend() function doesn't validate properly the parameters sent to it, an attacker can leverage this weakness by using the __proto__ property on a well formatted input to create or inject new object properties, functions or cause unexpected behavior on the target application. This issue has been addressed in the following products: Red Hat Single Sign-On 7.3.2 zip Via RHSA-2019:1456 https://access.redhat.com/errata/RHSA-2019:1456 Created python-XStatic-jQuery tracking bugs for this issue: Affects: openstack-rdo [bug 1729326] Created python-XStatic-jquery-ui tracking bugs for this issue: Affects: openstack-rdo [bug 1729327] This vulnerability was addressed Red Hat Virtualization 4.3 package ovirt-engine-api-explorer via https://access.redhat.com/errata/RHBA-2019:1570 Statement: Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3. This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11358 This issue has been addressed in the following products: CloudForms Management Engine 5.10 Via RHSA-2019:2587 https://access.redhat.com/errata/RHSA-2019:2587 This issue has been addressed in the following products: Red Hat Virtualization Engine 4.3 Via RHSA-2019:3023 https://access.redhat.com/errata/RHSA-2019:3023 This issue has been addressed in the following products: Red Hat Virtualization Engine 4.3 Via RHSA-2019:3024 https://access.redhat.com/errata/RHSA-2019:3024 This issue has been addressed in the following products: Red Hat OpenStack Platform 15.0 (Stein) Via RHSA-2020:1325 https://access.redhat.com/errata/RHSA-2020:1325 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.11 Via RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0402 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.5 Via RHSA-2020:2412 https://access.redhat.com/errata/RHSA-2020:2412 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3936 https://access.redhat.com/errata/RHSA-2020:3936 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.6 Via RHSA-2020:4298 https://access.redhat.com/errata/RHSA-2020:4298 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4670 https://access.redhat.com/errata/RHSA-2020:4670 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4847 https://access.redhat.com/errata/RHSA-2020:4847 This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS Via RHSA-2020:5581 https://access.redhat.com/errata/RHSA-2020:5581 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:7343 https://access.redhat.com/errata/RHSA-2022:7343 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Via RHSA-2023:0553 https://access.redhat.com/errata/RHSA-2023:0553 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Via RHSA-2023:0552 https://access.redhat.com/errata/RHSA-2023:0552 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Via RHSA-2023:0554 https://access.redhat.com/errata/RHSA-2023:0554 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2023:0556 https://access.redhat.com/errata/RHSA-2023:0556 This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 7 Via RHSA-2023:1043 https://access.redhat.com/errata/RHSA-2023:1043 This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 8 Via RHSA-2023:1044 https://access.redhat.com/errata/RHSA-2023:1044 This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 9 Via RHSA-2023:1045 https://access.redhat.com/errata/RHSA-2023:1045 This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2023:1047 https://access.redhat.com/errata/RHSA-2023:1047 This issue has been addressed in the following products: Red Hat Single Sign-On Via RHSA-2023:1049 https://access.redhat.com/errata/RHSA-2023:1049 |