Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-11358 PoC — jQuery 跨站脚本漏洞

Source
https://github.com/bitnesswise/jquery-prototype-pollution-fix
Associated Vulnerability
Title:jQuery 跨站脚本漏洞 (CVE-2019-11358)
Description:jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Description
A fix for CVE-2019-11358 (prototype pollution in jquery)
Readme
# jquery-prototype-pollution-fix
A fix for CVE-2019-11358 (prototype pollution in jquery)

Simply download and include **jquery-1.12.2-patched.js** into your project instead of the original 1.12.2 version.

See test folder for examples how to check for the vulnerability
File Snapshot

 [4.0K]  /data/pocs/16ca9a8f74056823c96c987738ed17a2620402a9
├── [287K]  jquery-1.12.2-patched.js
├── [ 271]  README.md
└── [4.0K]  test
    ├── [ 218]  jquery-latest-test.html
    ├── [ 208]  jquery-not-latest-test.html
    ├── [ 208]  jquery-not-latest-test-patched.html
    └── [ 448]  test.js

1 directory, 6 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →