| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-11-27 16:13:05 +0100 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-11-29 17:17:55 +0100 |
| commit | d292a41b1df0ed7c92a84109b24c0cf9bdc90c64 (patch) | |
| tree | e273999771f867ae7d6c7707ff054f8606f13199 | |
| parent | be82d596a63f4404e6e4deb9aa3c1f69e344ee46 (diff) | |
🔒️ fix security issue for jQuery CVE-2019-11358
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
| -rw-r--r-- | ishtar_common/static/js/jquery.js | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ishtar_common/static/js/jquery.js b/ishtar_common/static/js/jquery.js
index 7fc60fca7..ec2f79ff9 100644
--- a/ishtar_common/static/js/jquery.js
+++ b/ishtar_common/static/js/jquery.js
@@ -209,8 +209,9 @@ jQuery.extend = jQuery.fn.extend = function() {
 src = target[ name ];
 copy = options[ name ];
+ // Prevent Object.prototype pollution
 // Prevent never-ending loop
- if ( target === copy ) {
+ if ( name === "__proto__" || target === copy ) {
 continue;
 } |
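Review bot: The added comment `// Prevent Object.prototype pollution` does not record that this vendored jquery.js now differs from the release it was copied from, so a later audit or dependency scanner that goes by the file's version has no way to tell that CVE-2019-11358 was handled here. I would write it as `// Local backport of jquery/jquery 753d591 (CVE-2019-11358): prevent Object.prototype pollution`. The guard itself matches the upstream change and skips only the `__proto__` key, so callers that deep-extend objects from untrusted input should still validate them first. If the project also serves a minified copy of jQuery (none is visible in this diff), it needs the same change. The body of jQuery.extend starts and ends outside the hunk.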
