Description
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
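The merge behaviour described above, shown as an added example; it is not jQuery's source and not part of the original advisory. `deepExtend`, `runDemo`, the `guard` flag and the sample JSON are constructed for illustration: a simplified recursive merge stands in for jQuery.extend(true, {}, ...), run once without and once with a check that skips the `__proto__` key.

```javascript
// Simplified recursive merge written for this example (an assumption, not
// jQuery's code). It follows the deep-copy pattern of jQuery.extend(true, ...).
function deepExtend(target, source, guard) {
  for (const name in source) {
    // Hardened form: never read from or assign to the "__proto__" key.
    if (guard && name === "__proto__") continue;

    const copy = source[name];
    if (copy !== null && typeof copy === "object" && !Array.isArray(copy)) {
      // Without the guard, target["__proto__"] resolves to Object.prototype,
      // so the recursion below writes into the shared prototype.
      const existing = target[name];
      const base =
        existing !== null && typeof existing === "object" ? existing : {};
      target[name] = deepExtend(base, copy, guard);
    } else if (copy !== undefined) {
      target[name] = copy;
    }
  }
  return target;
}

function runDemo() {
  // Constructed input. JSON.parse creates "__proto__" as an own, enumerable
  // property, which is the condition the description names.
  const untrusted = JSON.parse('{"theme":"dark","__proto__":{"polluted":"yes"}}');

  // Unguarded merge: a fresh, unrelated object now inherits "polluted".
  deepExtend({}, untrusted, false);
  const vulnerable = ({}).polluted === "yes";
  delete Object.prototype.polluted; // restore the prototype before the next run

  // Guarded merge: ordinary keys are copied, Object.prototype is untouched.
  const merged = deepExtend({}, untrusted, true);
  const hardened =
    ({}).polluted === undefined &&
    merged.theme === "dark" &&
    Object.keys(merged).length === 1;

  return { vulnerable, hardened };
}

console.log(runDemo());
```
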
Remediation
References