Description
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Remediation
References
Related Vulnerabilities
MySQL CVE-2020-14633 Vulnerability (CVE-2020-14633)
WebLogic CVE-2017-10178 Vulnerability (CVE-2017-10178)
Drupal Core 9.0.x Cross-Site Scripting (9.0.0 - 9.0.14)
Apache HTTP Server Missing Authorization Vulnerability (CVE-2020-13938)
WordPress Plugin Viral Quiz Maker-OnionBuzz SQL Injection (1.2.6)