[wp-trac] [WordPress Trac] #47020: jQuery Update 3.4.0 vulnerability
WordPress Trac
noreply at wordpress.org
Tue Apr 23 20:07:15 UTC 2019
#47020: jQuery Update 3.4.0 vulnerability
--------------------------+-----------------------------
Reporter: MikeNGarrett | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 5.1.1
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
jQuery's latest release contains a fix for jQuery.extend which allows for
unintended behavior which could lead to cross-site scripting attacks.
From [https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ jQuery's 3.4.0 release notes]:
jQuery 3.4.0 includes a fix for some unintended behavior when using
`jQuery.extend(true, {}, ...)`. If an unsanitized source object contained
an enumerable `__proto__` property, it could extend the native
Object.prototype. This fix is included in jQuery 3.4.0, but patch diffs
exist to patch previous jQuery versions.
This vulnerability affects all previous versions of jQuery. As they mention
in the release notes, "[https://github.com/DanielRuf/snyk-js-jquery-174006?files=1 patch diffs exist] to match previous jQuery
versions."
For reference, [https://www.drupal.org/SA-CORE-2019-006 Drupal released a
core patch] for 7 and 8 which replaced `jQuery.extend()` completely with
minor changes compatible with all old versions of jQuery. See
[https://github.com/drupal/drupal/blob/7.x/misc/jquery-extend-3.4.0.js
Drupal's core patch].
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47020>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
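The following is an added example, not part of the Trac ticket, the jQuery release notes or the Drupal patch. It is a reduced reproduction (not jQuery's own source) of the recursive-merge behaviour of `jQuery.extend(true, target, source)` before 3.4.0, placed beside the same routine with the 3.4.0 guard that skips a key named `__proto__`. The function names `deepExtendVulnerable`, `deepExtendFixed`, `hasOwnProtoKey` and `demonstrate`, and the JSON payload, are constructed for illustration.

```javascript
// Added example: a reduced model of jQuery.extend(true, ...) deep merging,
// NOT jQuery's actual implementation. Function names and payload are assumptions.

// jQuery treats an object as "plain" when its prototype is Object.prototype or null.
function isPlainObject(obj) {
  if (obj === null || typeof obj !== "object") return false;
  const proto = Object.getPrototypeOf(obj);
  return proto === null || proto === Object.prototype;
}

// Pre-3.4.0 behaviour: every own enumerable key of the source is merged,
// including a key literally named "__proto__". JSON.parse creates such a key
// as an ordinary own property, so attacker-supplied JSON reaches this path.
function deepExtendVulnerable(target, source) {
  for (const name of Object.keys(source)) {
    const copy = source[name];
    if (copy === target) continue; // guard against a never-ending loop
    if (isPlainObject(copy)) {
      // target["__proto__"] resolves, via the accessor, to Object.prototype,
      // which isPlainObject accepts, so the recursion merges into the global prototype.
      const existing = target[name];
      const clone = isPlainObject(existing) ? existing : {};
      target[name] = deepExtendVulnerable(clone, copy);
    } else if (copy !== undefined) {
      target[name] = copy;
    }
  }
  return target;
}

// 3.4.0 behaviour: identical, except that a key named "__proto__" is skipped.
function deepExtendFixed(target, source) {
  for (const name of Object.keys(source)) {
    if (name === "__proto__") continue; // the 3.4.0 guard
    const copy = source[name];
    if (copy === target) continue;
    if (isPlainObject(copy)) {
      const existing = target[name];
      const clone = isPlainObject(existing) ? existing : {};
      target[name] = deepExtendFixed(clone, copy);
    } else if (copy !== undefined) {
      target[name] = copy;
    }
  }
  return target;
}

// Practitioner check: does an input object carry "__proto__" as an OWN key?
// An object literal {__proto__: x} does not (it sets the prototype); parsed JSON does.
function hasOwnProtoKey(obj) {
  return Object.prototype.hasOwnProperty.call(obj, "__proto__");
}

// Constructed payload of the shape an attacker would submit as JSON to any
// endpoint or client-side code that deep-merges it into a defaults object.
const PAYLOAD = '{"__proto__": {"polluted": "yes"}}';

// Runs one merge and reports whether a brand-new, unrelated object now sees
// the injected property; cleans Object.prototype afterwards so runs are independent.
function demonstrate(extendFn) {
  const before = ({}).polluted;
  extendFn({}, JSON.parse(PAYLOAD));
  const after = ({}).polluted; // only Object.prototype could supply this
  delete Object.prototype.polluted;
  return { before, after };
}

console.log("vulnerable:", demonstrate(deepExtendVulnerable)); // after: "yes"
console.log("fixed:     ", demonstrate(deepExtendFixed));      // after: undefined
console.log("JSON has own __proto__:", hasOwnProtoKey(JSON.parse(PAYLOAD)));
console.log("literal has own __proto__:", hasOwnProtoKey({ __proto__: {} }));
```

The point the ticket is making shows up in `demonstrate`: after the vulnerable merge, an empty object created afterwards reports `polluted === "yes"` because the write landed on `Object.prototype`, not on the merge target. Any later code that reads an unexpected property from a plain object (a template that inserts `obj.html`, an option such as `allowScripts` checked with `if (opts.x)`) then behaves as if the attacker had set it, which is the route from this bug to cross-site scripting. The `hasOwnProtoKey` check is useful when auditing inputs: only deserialised data (JSON, query-string parsers that build nested objects) produces the own `__proto__` key; object literals in source code do not.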