{"id":"CVE-2019-11358","details":"jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.","aliases":["DRUPAL-CORE-2019-006","GHSA-6c3j-c64m-qhgq"],"modified":"2026-04-16T04:32:32.817065480Z","published":"2019-04-20T00:29:00.247Z","related":["ALSA-2020:4670","SNYK-JS-JQUERY-174006","openSUSE-SU-2019:1839-1","openSUSE-SU-2019:1872-1","openSUSE-SU-2024:0231-1","openSUSE-SU-2024:11205-1","openSUSE-SU-2024:11242-1","openSUSE-SU-2024:13887-1","openSUSE-SU-2024:14208-1","openSUSE-SU-2026:10005-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"},{"type":"ADVISORY","url":"https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"},{"type":"ADVISORY","url":"https://www.synology.com/security/advisory/Synology_SA_19_19"},{"type":"ADVISORY","url":"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"},{"type":"ADVISORY","url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190919-0001/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2587"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3024"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1456"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4434"},{"type":"ADVISORY","url":"https://www.tenable.com/security/tns-2019-08"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/Apr/32"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/108023"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHBA-2019:1570"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3023"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4460"},{"type":"ADVISORY","url":"https://www.tenable.com/security/tns-2020-02"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2019/May/10"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"},{"type":"ADVISORY","url":"https://backdropcms.org/security/backdrop-sa-core-2019-009"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"},{"type":"REPORT","url":"https://seclists.org/bugtraq/2019/Jun/12"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"},{"type":"REPORT","url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"},{"type":"FIX","url":"https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"},{"type":"FIX","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2019/06/03/2"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"type":"FIX","url":"https://github.com/jquery/jquery/pull/4333"},{"type":"FIX","url":"http://seclists.org/fulldisclosure/2019/May/13"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"type":"FIX","url":"https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"},{"type":"FIX","url":"https://seclists.org/bugtraq/2019/May/18"},{"type":"FIX","url":"https://www.drupal.org/sa-core-2019-006"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"type":"FIX","url":"http://seclists.org/fulldisclosure/2019/May/11"},{"type":"EVIDENCE","url":"https://snyk.io/vuln/SNYK-JS-JQUERY-174006"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/backdrop/backdrop","events":[{"introduced":"963141d57d9ba861216fa85bf8a135f65d2c06be"},{"fixed":"17198299114cf7c5c88a1bdf597a74734751687d"},{"introduced":"b7f9a6908911617be8f83ea1d7daaa3be2453874"},{"fixed":"8e7a1b9546d32ac84f7bfaaaf3ee2439ba7b0c1a"}],"database_specific":{"versions":[{"introduced":"1.11.0"},{"fixed":"1.11.9"},{"introduced":"1.12.0"},{"fixed":"1.12.6"}]}},{"type":"GIT","repo":"https://github.com/drupal/drupal","events":[{"introduced":"0"},{"last_affected":"35c2f3ca5c935f3d8bde15932a712677c9bbd50f"},{"introduced":"0"},{"last_affected":"d62812dc17ce593beb2ccd4cdbee1a76c95e3fd7"},{"introduced":"0"},{"last_affected":"2700c5afb6c3936041db413872eea82dc0bd4fe4"},{"introduced":"497914920385b7016ac9c9367e0198530787adf2"},{"fixed":"9735baff3afe061f98e568c1d1f83d56f3a0212a"},{"introduced":"b73ab73d39dca97a12513e8a9e4f4da4b0676f5f"},{"fixed":"c5bc3922f27c93ab3669428a504212adb801400f"},{"introduced":"9b04d294324d9c76be4b596de4316cb8804e8223"},{"fixed":"91ded4b7776e05ee9633bdc1c458b41c718133e0"},{"introduced":"0"},{"last_affected":"de0e3d3a24a9cadaa67e56cc755f18d9de417a2e"},{"introduced":"0"},{"last_affected":"d6c7b4cf627ab409c595e1c76bf0a8deadbc7feb"},{"introduced":"0"},{"last_affected":"eabb023933ac83947e5d238c4a83b1f5bdbcc738"},{"introduced":"0"},{"last_affected":"35c2f3ca5c935f3d8bde15932a712677c9bbd50f"},{"introduced":"0"},{"last_affected":"f7e125ce37fbf52b9581c2f9fade7ff33267bb42"},{"introduced":"0"},{"last_affected":"fb83de52e58e8fb3303de7aa9834f99ae128564a"},{"introduced":"0"},{"last_affected":"6ffaabfece5d21e41c1ae53c8e3a8f6ffa94582a"},{"introduced":"0"},{"last_affected":"c0d600fe2ce507f28e91acc51d7f63be28521536"},{"introduced":"0"},{"last_affected":"fb83de52e58e8fb3303de7aa9834f99ae128564a"},{"introduced":"0"},{"last_affected":"6ffaabfece5d21e41c1ae53c8e3a8f6ffa94582a"},{"introduced":"f8d6bbf44160e6d00e71f0172ecf80e78d0f0d3c"},{"last_affected":"49f719f7c4f7c1b69dc35ff8fbdea123e7d88f92"},{"introduced":"0"},{"last_affected":"497914920385b7016ac9c9367e0198530787adf2"},{"introduced":"0"},{"last_affected":"c0d600fe2ce507f28e91acc51d7f63be28521536"},{"introduced":"0"},{"last_affected":"fb83de52e58e8fb3303de7aa9834f99ae128564a"},{"introduced":"0"},{"last_affected":"6ffaabfece5d21e41c1ae53c8e3a8f6ffa94582a"},{"introduced":"0"},{"last_affected":"c0d600fe2ce507f28e91acc51d7f63be28521536"},{"introduced":"0"},{"last_affected":"fb83de52e58e8fb3303de7aa9834f99ae128564a"},{"introduced":"0"},{"last_affected":"6ffaabfece5d21e41c1ae53c8e3a8f6ffa94582a"},{"introduced":"0"},{"last_affected":"ebf9026bb8411de4866824f45ab825ecb41a5f47"},{"introduced":"0"},{"last_affected":"49e2d2ca6f6c6489b07b9e863150d20a38148a57"},{"introduced":"0"},{"last_affected":"abfe77673a5a6194ef13600e05f1ca2c5dd59db8"},{"introduced":"647bfab79e6ee1fddb339c50152315e479d4fe8f"},{"last_affected":"f7e125ce37fbf52b9581c2f9fade7ff33267bb42"},{"introduced":"0"},{"last_affected":"f7e125ce37fbf52b9581c2f9fade7ff33267bb42"},{"introduced":"0"},{"last_affected":"f7e125ce37fbf52b9581c2f9fade7ff33267bb42"},{"introduced":"0"},{"last_affected":"f7e125ce37fbf52b9581c2f9fade7ff33267bb42"},{"introduced":"0"},{"last_affected":"f7e125ce37fbf52b9581c2f9fade7ff33267bb42"},{"introduced":"0"},{"last_affected":"f7e125ce37fbf52b9581c2f9fade7ff33267bb42"},{"introduced":"0"},{"last_affected":"766daeb0449588db7207606c22bcf7b59d1f6f9b"},{"introduced":"0"},{"last_affected":"f7e125ce37fbf52b9581c2f9fade7ff33267bb42"},{"introduced":"0"},{"last_affected":"f7e125ce37fbf52b9581c2f9fade7ff33267bb42"},{"introduced":"0"},{"last_affected":"f7e125ce37fbf52b9581c2f9fade7ff33267bb42"},{"introduced":"0"},{"last_affected":"647bfab79e6ee1fddb339c50152315e479d4fe8f"},{"introduced":"0"},{"last_affected":"766daeb0449588db7207606c22bcf7b59d1f6f9b"},{"introduced":"0"},{"last_affected":"f7e125ce37fbf52b9581c2f9fade7ff33267bb42"},{"introduced":"0"},{"last_affected":"f7e125ce37fbf52b9581c2f9fade7ff33267bb42"},{"introduced":"0"},{"last_affected":"d918ae1ecc4e0fb86ae9296da1a39f02bd36cde4"},{"introduced":"0"},{"last_affected":"766daeb0449588db7207606c22bcf7b59d1f6f9b"},{"introduced":"0"},{"last_affected":"f7e125ce37fbf52b9581c2f9fade7ff33267bb42"},{"introduced":"0"},{"last_affected":"f25feddd5ca56e6155e26e52667ab4fef87bb19d"},{"introduced":"0"},{"last_affected":"766daeb0449588db7207606c22bcf7b59d1f6f9b"},{"introduced":"f25feddd5ca56e6155e26e52667ab4fef87bb19d"},{"last_affected":"766daeb0449588db7207606c22bcf7b59d1f6f9b"},{"introduced":"0"},{"last_affected":"766daeb0449588db7207606c22bcf7b59d1f6f9b"},{"introduced":"0"},{"last_affected":"f7e125ce37fbf52b9581c2f9fade7ff33267bb42"},{"introduced":"0"},{"last_affected":"766daeb0449588db7207606c22bcf7b59d1f6f9b"},{"introduced":"0"},{"last_affected":"943ecef3c0bc9822338252a7df6419aeb9253c9d"},{"introduced":"9b04d294324d9c76be4b596de4316cb8804e8223"},{"last_affected":"29c2941b8610cee425621c7e601196f5a9539069"},{"introduced":"0"},{"last_affected":"7f1be96427e86c9ba5665f7c8c2e713cae15edec"},{"introduced":"0"},{"last_affected":"90cb860744586a9287c7674f7032fed818a01384"},{"introduced":"0"},{"last_affected":"b73ab73d39dca97a12513e8a9e4f4da4b0676f5f"},{"introduced":"0"},{"last_affected":"9798f28fe983bea94fb06ff52423355688066780"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.0"},{"introduced":"0"},{"last_affected":"9.0"},{"introduced":"0"},{"last_affected":"10.0"},{"introduced":"7.0"},{"fixed":"7.66"},{"introduced":"8.5.0"},{"fixed":"8.5.15"},{"introduced":"8.6.0"},{"fixed":"8.6.15"},{"introduced":"0"},{"last_affected":"4.7"},{"introduced":"0"},{"last_affected":"6.1"},{"introduced":"0"},{"last_affected":"7.5"},{"introduced":"0"},{"last_affected":"8.0.0"},{"introduced":"0"},{"last_affected":"8.1"},{"introduced":"0"},{"last_affected":"8.2"},{"introduced":"0"},{"last_affected":"8.2.1"},{"introduced":"0"},{"last_affected":"8.1.1"},{"introduced":"0"},{"last_affected":"8.2.0"},{"introduced":"0"},{"last_affected":"8.2.1"},{"introduced":"6.0"},{"last_affected":"6.4"},{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"8.1.1"},{"introduced":"0"},{"last_affected":"8.2.0"},{"introduced":"0"},{"last_affected":"8.2.1"},{"introduced":"0"},{"last_affected":"8.1.1"},{"introduced":"0"},{"last_affected":"8.2.0"},{"introduced":"0"},{"last_affected":"8.2.1"},{"introduced":"0"},{"last_affected":"7.3"},{"introduced":"0"},{"last_affected":"7.2"},{"introduced":"0"},{"last_affected":"8.4"},{"introduced":"8.0.2"},{"last_affected":"8.1.0"},{"introduced":"0"},{"last_affected":"8.1.0"},{"introduced":"0"},{"last_affected":"8.1.0"},{"introduced":"0"},{"last_affected":"8.1.0"},{"introduced":"0"},{"last_affected":"8.1.0"},{"introduced":"0"},{"last_affected":"8.1.0"},{"introduced":"0"},{"last_affected":"8.0.6"},{"introduced":"0"},{"last_affected":"8.1.0"},{"introduced":"0"},{"last_affected":"8.1.0"},{"introduced":"0"},{"last_affected":"8.1.0"},{"introduced":"0"},{"last_affected":"8.0.2"},{"introduced":"0"},{"last_affected":"8.0.6"},{"introduced":"0"},{"last_affected":"8.1.0"},{"introduced":"0"},{"last_affected":"8.1.0"},{"introduced":"0"},{"last_affected":"8.0.5"},{"introduced":"0"},{"last_affected":"8.0.6"},{"introduced":"0"},{"last_affected":"8.1.0"},{"introduced":"0"},{"last_affected":"8.0.4"},{"introduced":"0"},{"last_affected":"8.0.6"},{"introduced":"8.0.4"},{"last_affected":"8.0.6"},{"introduced":"0"},{"last_affected":"8.0.6"},{"introduced":"0"},{"last_affected":"8.1.0"},{"introduced":"0"},{"last_affected":"8.0.6"},{"introduced":"0"},{"last_affected":"9.2"},{"introduced":"8.6.0"},{"last_affected":"8.6.3"},{"introduced":"0"},{"last_affected":"10.4.7"},{"introduced":"0"},{"last_affected":"10.4.6"},{"introduced":"0"},{"last_affected":"8.5"},{"introduced":"0"},{"last_affected":"8.5.1"}]}},{"type":"GIT","repo":"https://github.com/joomla/joomla-cms","events":[{"introduced":"c1acb7e6973bd549fe35a02659fe851ff1a37dfe"},{"last_affected":"4e45f91fdaf662f6844153b3cf3bc87f1defadb1"},{"introduced":"0"},{"last_affected":"e04287312687ae500d6bea8e9c4b31ab1c4b7afe"},{"introduced":"0"},{"last_affected":"590fd61dfacabe0f776880864667631ff8ec9014"},{"introduced":"49c1e96a77e192ab5cd1071df88ba2e48683218e"},{"last_affected":"e04287312687ae500d6bea8e9c4b31ab1c4b7afe"},{"introduced":"0"},{"last_affected":"49c1e96a77e192ab5cd1071df88ba2e48683218e"},{"introduced":"0"},{"last_affected":"b6f66c99da6757381c2aa2b276bc259ad7b40f0b"},{"introduced":"0"},{"last_affected":"526934f5a6a71618844d316bb105a758d6f7371b"},{"introduced":"0"},{"last_affected":"af5a21f6c9e5f49f652f49504f7bc64eab216602"},{"introduced":"c1acb7e6973bd549fe35a02659fe851ff1a37dfe"},{"last_affected":"bbdf775fbee26d275ce60ea466b778e4694210a1"}],"database_specific":{"versions":[{"introduced":"3.0"},{"last_affected":"3.1.3"},{"introduced":"0"},{"last_affected":"4.3"},{"introduced":"0"},{"last_affected":"3.8m0"},{"introduced":"4.1"},{"last_affected":"4.3"},{"introduced":"0"},{"last_affected":"4.1.0"},{"introduced":"0"},{"last_affected":"3.3.2"},{"introduced":"0"},{"last_affected":"4.2.0"},{"introduced":"0"},{"last_affected":"4.2.1"},{"introduced":"3.0.0"},{"last_affected":"3.9.4"}]}},{"type":"GIT","repo":"https://github.com/jquery/jquery","events":[{"introduced":"0"},{"fixed":"b7fc909edda2d8cf63d0eaffe9bd12f33e492ad3"},{"introduced":"0"},{"last_affected":"c2c017bc1527d350bbd80ea27976d9db71a2f591"},{"introduced":"0"},{"last_affected":"b7fc909edda2d8cf63d0eaffe9bd12f33e492ad3"},{"introduced":"0"},{"last_affected":"4f2fae08f23b54ce09322e62e73cce6161b8d3cb"},{"introduced":"0"},{"last_affected":"d0d2d9b9b004cf0c6763c871646e01ca67579253"},{"introduced":"0"},{"last_affected":"f71eeda0fac4ec1442e631e90ff0703a0fb4ac96"},{"introduced":"0"},{"last_affected":"32b00373b3f42e5cdcb709df53f3b08b7184a944"},{"introduced":"0"},{"last_affected":"b7fc909edda2d8cf63d0eaffe9bd12f33e492ad3"},{"introduced":"0"},{"last_affected":"07458abcaf02b5e991223953081bb0dd5240e2c1"},{"fixed":"753d591aea698e57d6db58c9f722cd0808619b1b"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.4.0"},{"introduced":"0"},{"last_affected":"1.6"},{"introduced":"0"},{"last_affected":"3.4"},{"introduced":"0"},{"last_affected":"4.0"},{"introduced":"0"},{"last_affected":"3.1.0"},{"introduced":"0"},{"last_affected":"3.2.1"},{"introduced":"0"},{"last_affected":"3.3.1"},{"introduced":"0"},{"last_affected":"3.4.0"},{"introduced":"0"},{"last_affected":"1.4.3"}]}}],"versions":["1.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0a","1.1","1.1.1","1.1.2","1.1.3","1.1.3.1","1.1.3a","1.1.4","1.11.0","1.11.1","1.11.2","1.11.3","1.11.4","1.11.5","1.11.6","1.11.7","1.11.8","1.12.0","1.12.1","1.12.2","1.12.3","1.12.4","1.12.5","1.1a","1.1b","1.2","1.2.1","1.2.2","1.2.2b","1.2.2b2","1.2.3a","1.2.3b","1.2.4","1.2.4a","1.2.4b","1.2.5","1.3.1rc1","1.3b1","1.3b2","1.3rc1","1.4.3","1.4.3rc1","1.4.3rc2","1.4.4rc1","1.4.4rc2","1.4.4rc3","1.4a1","1.4a2","1.4rc1","1.5.1rc1","1.5.2rc1","1.5b1","1.5rc1","1.6","1.6.0","1.6.1rc1","1.6.2rc1","1.6.3rc1","1.6.4rc1","1.6b1","1.6rc1","1.7.1rc1","1.7.2b1","1.7.2rc1","1.7b1","1.7b2","1.7rc1","1.8b1","1.8b2","1.8rc1","1.9.0b1","10.0.0","10.0.0-alpha1","10.0.0-alpha3","10.0.0-alpha4","10.0.0-alpha5","10.0.0-alpha6","10.0.0-alpha7","10.0.0-beta1","10.0.0-beta2","10.0.0-rc1","10.0.0-rc2","10.0.0-rc3","10.1.0-alpha1","10.4.0","10.4.0-beta1","10.4.0-rc1","10.4.1","10.4.2","10.4.4","10.4.6","10.4.7","2.0","2.0.0-beta3","2.0.0b1","2.0.0b2","2.1.0-beta1","3.0.0","3.0.1","3.0.3","3.1.0","3.1.0_beta1","3.1.0_beta2","3.1.0_beta3","3.1.0_beta4","3.1.0_beta5","3.1.1","3.1.2","3.1.3","3.1.5","3.2.0","3.2.0.alpha","3.2.0.beta","3.2.0.rc","3.2.1","3.2.2","3.2.3","3.2.4","3.3.0","3.3.1","3.3.2","3.4.0","3.4.0-beta1","3.4.0-beta2","3.4.0-beta3","3.4.0-rc","3.4.1","3.4.1-rc","3.4.1-rc2","3.4.2","3.4.2-rc","3.4.3","3.4.4","3.4.4-rc","3.4.4-rc2","3.4.5","3.5.0","3.5.0-beta","3.5.0-beta2","3.5.0-beta3","3.5.0-beta4","3.5.0-beta5","3.5.0-rc","3.5.0-rc2","3.5.0-rc4","3.5.1","3.5.1-rc","3.5.1-rc2","3.6.0","3.6.0-alpha","3.6.0-beta1","3.6.0-beta2","3.6.0-rc","3.6.0-rc2","3.6.1","3.6.1-rc1","3.6.1-rc2","3.6.2","3.6.3","3.6.3-rc1","3.6.3-rc2","3.6.3-rc3","3.7.0","3.7.0-alpha1","3.7.0-beta1","3.7.0-beta2","3.7.0-beta3","3.7.0-beta4","3.7.0-rc1","3.7.0-rc2","3.7.0-rc3","3.7.0-rc4","3.7.1","3.7.1-rc1","3.7.1-rc2","3.7.2","3.7.3","3.7.3-beta1","3.7.3-rc1","3.7.3-rc2","3.7.4-beta1","3.7.4-rc1","3.8.0","3.8.0-beta1","3.8.0-beta2","3.8.0-beta3","3.8.0-beta4","3.8.0-rc1","3.8.1","3.8.1-rc","3.8.10","3.8.11","3.8.11-rc","3.8.12","3.8.12-rc","3.8.2","3.8.2-rc","3.8.3","3.8.3-rc","3.8.4","3.8.4-rc","3.8.4-rc2","3.8.5","3.8.5-rc","3.8.6","3.8.6-rc1","3.8.7","3.8.7-rc","3.8.8","3.8.8-rc","3.8.9","3.8.9-rc","3.9.0","3.9.0-beta","3.9.0-beta2","3.9.0-beta3","3.9.0-beta4","3.9.0-rc","3.9.0-rc2","3.9.1","3.9.1-rc","3.9.2","3.9.2-rc","3.9.3","3.9.3-rc","3.9.4","3.9.4-rc","4.0.0","4.0.0-alpha1","4.0.0-alpha10","4.0.0-alpha11","4.0.0-alpha12","4.0.0-alpha2","4.0.0-alpha4","4.0.0-alpha5","4.0.0-alpha6","4.0.0-alpha7","4.0.0-alpha8","4.0.0-alpha9","4.0.0-beta","4.0.0-beta.2","4.0.0-beta2","4.0.0-beta3","4.0.0-rc.1","4.0.0-rc.2","4.1.0","4.1.0-alpha1","4.1.0-alpha2","4.1.0-alpha3","4.1.0-beta1","4.1.0-beta2","4.1.0-beta3","4.1.0-rc1","4.2.0","4.2.0-alpha1","4.2.0-alpha2","4.2.0-alpha3","4.2.0-beta1","4.2.0-beta2","4.2.0-beta3","4.2.0-rc1","4.2.1","4.2.1-rc1","4.2.1-rc2","4.2.1-rc3","4.3.0","4.3.0-alpha2","4.3.0-alpha3","4.3.0-beta1","4.3.0-beta2","4.3.0-beta3","4.3.0-beta4","4.3.0-rc1","4.3.0-rc2","4.3.0-rc3","4.7.0","4.7.0-rc-4","6.0","6.1","6.2","6.3","6.4","7.0","7.10","7.12","7.14","7.15","7.17","7.2","7.22","7.23","7.25","7.28","7.3","7.30","7.33","7.36","7.37","7.4","7.40","7.42","7.43","7.5","7.50","7.51","7.54","7.55","7.56","7.6","7.61","7.64","7.65","7.7","7.8","7.9","8.0-alpha10","8.0-alpha11","8.0-alpha12","8.0-alpha13","8.0-alpha2","8.0-alpha3","8.0-alpha4","8.0-alpha5","8.0-alpha6","8.0-alpha7","8.0-alpha8","8.0-alpha9","8.0.0","8.0.0-alpha14","8.0.0-alpha15","8.0.0-beta1","8.0.0-beta10","8.0.0-beta11","8.0.0-beta12","8.0.0-beta13","8.0.0-beta14","8.0.0-beta15","8.0.0-beta16","8.0.0-beta2","8.0.0-beta3","8.0.0-beta4","8.0.0-beta5","8.0.0-beta6","8.0.0-beta7","8.0.0-beta9","8.0.0-rc1","8.0.0-rc2","8.0.0-rc3","8.0.0-rc4","8.0.2","8.0.3","8.0.4","8.0.5","8.0.6","8.1.0","8.1.0-beta1","8.1.0-beta2","8.1.0-rc1","8.1.1","8.2.0","8.2.0-beta1","8.2.0-beta2","8.2.0-beta3","8.2.0-rc1","8.2.0-rc2","8.2.1","8.4.0","8.4.0-alpha1","8.4.0-beta1","8.4.0-rc1","8.4.0-rc2","8.5.0","8.5.1","8.5.12","8.5.13","8.5.14","8.5.4","8.5.5","8.5.7","8.6.0","8.6.1","8.6.11","8.6.12","8.6.14","8.6.3","8.6.4","8.6.5","8.6.8","8.6.9","9.0.0","9.0.0-alpha1","9.0.0-alpha2","9.0.0-beta1","9.0.0-beta2","9.0.0-beta3","9.0.0-rc1","9.2.0","9.2.0-alpha1","9.2.0-beta1","9.2.0-beta2","9.2.0-beta3","9.2.0-rc1","cypress","cypress-io","issues-241-257","psr12anchor","psr12final","start"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11358.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"28"}]},{"events":[{"introduced":"0"},{"last_affected":"29"}]},{"events":[{"introduced":"0"},{"last_affected":"30"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-sp1"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"6.2.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.2.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.2.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.2.3.0"}]},{"events":[{"introduced":"0"},{"fixed":"19.1"}]},{"events":[{"introduced":"0"},{"last_affected":"13.2.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"13.3.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.5.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"13.1.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"13.2"}]},{"events":[{"introduced":"0"},{"last_affected":"13.2.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"13.3"}]},{"events":[{"introduced":"0"},{"last_affected":"13.3.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"18.1"}]},{"events":[{"introduced":"0"},{"last_affected":"18.2"}]},{"events":[{"introduced":"0"},{"last_affected":"18.3"}]},{"events":[{"introduced":"0"},{"last_affected":"19.1"}]},{"events":[{"introduced":"0"},{"last_affected":"19.2"}]},{"events":[{"introduced":"0"},{"last_affected":"20.1"}]},{"events":[{"introduced":"2.7.0"},{"last_affected":"2.8.0"}]},{"events":[{"introduced":"2.4.0"},{"last_affected":"2.10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"5.5.0.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5.0.23.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0.0.3.0"}]},{"events":[{"introduced":"16.1.0"},{"last_affected":"16.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"2.12.36"}]},{"events":[{"introduced":"0"},{"last_affected":"12.3.3"}]},{"events":[{"introduced":"0"},{"last_affected":"12.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.4.0.0"}]},{"events":[{"introduced":"7.3.3"},{"last_affected":"7.3.5"}]},{"events":[{"introduced":"8.0.4"},{"last_affected":"8.0.7"}]},{"events":[{"introduced":"8.0.4"},{"last_affected":"8.0.7"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.8"}]},{"events":[{"introduced":"8.0.4"},{"last_affected":"8.0.7"}]},{"events":[{"introduced":"8.0.4"},{"last_affected":"8.0.7"}]},{"events":[{"introduced":"8.0.4"},{"last_affected":"8.0.8"}]},{"events":[{"introduced":"8.0.6"},{"last_affected":"8.0.9"}]},{"events":[{"introduced":"8.0.5"},{"last_affected":"8.0.7"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.7"}]},{"events":[{"introduced":"8.0.4"},{"last_affected":"8.0.7"}]},{"events":[{"introduced":"8.0.4"},{"last_affected":"8.0.7"}]},{"events":[{"introduced":"8.0.4"},{"last_affected":"8.0.7"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.0.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.4.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.5.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.7"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.8"}]},{"events":[{"introduced":"8.0.2"},{"last_affected":"8.0.7"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.8"}]},{"events":[{"introduced":"8.0.4"},{"last_affected":"8.0.7"}]},{"events":[{"introduced":"8.0.4"},{"last_affected":"8.0.7"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.7"}]},{"events":[{"introduced":"8.0.4"},{"last_affected":"8.0.7"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.7"}]},{"events":[{"introduced":"0"},{"last_affected":"2.4.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"2.4.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"18.1"}]},{"events":[{"introduced":"19.1.0"},{"last_affected":"19.1.2"}]},{"events":[{"introduced":"0"},{"last_affected":"18.1"}]},{"events":[{"introduced":"0"},{"last_affected":"18.2"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.9"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.8"}]},{"events":[{"introduced":"8.0.4"},{"last_affected":"8.0.7"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.7"}]},{"events":[{"introduced":"5.0.0.0"},{"last_affected":"5.6.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"5.6.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.7"}]},{"events":[{"introduced":"0"},{"last_affected":"11.1.1.9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.1.1.9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.1.3.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.55"}]},{"events":[{"introduced":"0"},{"last_affected":"8.56"}]},{"events":[{"introduced":"0"},{"last_affected":"8.57"}]},{"events":[{"introduced":"0"},{"last_affected":"8.58"}]},{"events":[{"introduced":"12.2.0"},{"last_affected":"12.2.15"}]},{"events":[{"introduced":"0"},{"last_affected":"12.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.1.1"}]},{"events":[{"introduced":"12.2.0"},{"last_affected":"12.2.15"}]},{"events":[{"introduced":"16.2.0"},{"last_affected":"16.2.11"}]},{"events":[{"introduced":"17.12.0"},{"last_affected":"17.12.7"}]},{"events":[{"introduced":"18.8.0"},{"last_affected":"18.8.9"}]},{"events":[{"introduced":"19.12.0"},{"last_affected":"19.12.4"}]},{"events":[{"introduced":"0"},{"last_affected":"15.2.18"}]},{"events":[{"introduced":"17.7"},{"last_affected":"17.12"}]},{"events":[{"introduced":"0"},{"last_affected":"16.1"}]},{"events":[{"introduced":"0"},{"last_affected":"16.2"}]},{"events":[{"introduced":"0"},{"last_affected":"18.8"}]},{"events":[{"introduced":"2.3.0.1"},{"last_affected":"2.3.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"11.2.0.4"}]},{"events":[{"introduced":"0"},{"last_affected":"12.1.0.2"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"18c"}]},{"events":[{"introduced":"0"},{"last_affected":"19c"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.1"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.1"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0"}]},{"events":[{"introduced":"0"},{"last_affected":"18.0"}]},{"events":[{"introduced":"0"},{"last_affected":"19.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.1"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.1"}]},{"events":[{"introduced":"0"},{"last_affected":"11.1.1.9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.1.3.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"19.8"}]},{"events":[{"introduced":"0"},{"last_affected":"20.8"}]},{"events":[{"introduced":"0"},{"last_affected":"2.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"19.1"}]},{"events":[{"introduced":"2.3.0.1"},{"last_affected":"2.3.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.3.6.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.1.3.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.1.1.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"21.2-NA"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}