Search for vulnerabilities
| Vulnerability ID | VCID-2x8d-vwaz-xydt |
| Aliases |
CVE-2019-5428
GHSA-wv67-q8rr-grjp |
| Summary | Duplicate Advisory: Prototype Pollution in jquery ## Duplicate Advisory This advisory is a duplicate of [GHSA-6c3j-c64m-qhgq](https://github.com/advisories/GHSA-6c3j-c64m-qhgq). This link is maintained to preserve external references. ## Original Description Versions of `jquery` prior to 3.4.0 are vulnerable to Prototype Pollution. The extend() method allows an attacker to modify the prototype for `Object` causing changes in properties that will exist on all objects. ## Recommendation Upgrade to version 3.4.0 or later. |
| Status | Invalid |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| generic_textual | MODERATE | https://blog.jquery.com/2019/04/10/jquery-3-4-0-released |
| cvssv3.1_qr | MODERATE | https://github.com/advisories/GHSA-wv67-q8rr-grjp |
| generic_textual | MODERATE | https://github.com/jquery/jquery/pull/4333 |
| cvssv3 | 5.6 | https://github.com/nodejs/security-wg/blob/main/vuln/npm/496.json |
| cvssv3 | 5.6 | https://hackerone.com/reports/454365 |
| generic_textual | MODERATE | https://hackerone.com/reports/454365 |
| generic_textual | MODERATE | https://nvd.nist.gov/vuln/detail/CVE-2019-5428 |
| generic_textual | MODERATE | https://www.npmjs.com/advisories/796 |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-01T19:25:57.374047+00:00 | NVD CVE Status Improver | Improve | https://cveawg.mitre.org/api/cve/CVE-2019-5428 | 36.1.3 |
| 2025-07-01T12:21:43.152009+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-wv67-q8rr-grjp/GHSA-wv67-q8rr-grjp.json | 36.1.3 |