Description

Joomla! Core is prone to a prototype pollution vulnerability. Exploiting this issue may allow attackers to add or modify existing properties of an "Object", when controlling part of it's structure. Joomla! Core versions 3.x.x ranging from 3.0.0 and up to and including 3.9.4 are vulnerable.

Remediation

Update to Joomla! Core version 3.9.5 or latest

References

https://developer.joomla.org/security-centre/779-20190403-core-object-prototype-pollution-in-jquery-extend.html

Related Vulnerabilities

Collabtive Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2015-0258)

WordPress Plugin AutomatorWP-The most flexible and powerful no-code automation for WordPress Security Bypass (1.7.5)

Oracle Database Server CVE-2014-4293 Vulnerability (CVE-2014-4293)

Drupal Core 5.x Information Disclosure (5.0 - 5.18)

Oracle JRE CVE-2017-10357 Vulnerability (CVE-2017-10357)

Severity

High

Classification

CVE-2019-11358 CWE-610 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update