Description
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
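The merge behaviour described above, shown as an added example that is not jQuery's source and not part of the original advisory. It is a simplified recursive merge run on constructed JSON input, once without and once with a guard that skips the __proto__ key; deepExtend, demo and the skipProto flag are names made up for this illustration.

```javascript
// Simplified recursive merge written for this example; NOT jQuery's code.
// skipProto (hypothetical flag) enables the guard that refuses "__proto__".
function deepExtend(target, source, skipProto) {
  for (const name of Object.keys(source)) {
    if (skipProto && name === "__proto__") {
      continue; // hardened: never descend into the prototype slot
    }
    const copy = source[name];
    if (copy !== null && typeof copy === "object" && !Array.isArray(copy)) {
      // Without the guard, target["__proto__"] resolves to Object.prototype,
      // so the recursion below writes attacker-chosen keys onto it.
      const existing = target[name];
      const clone =
        existing !== null && typeof existing === "object" ? existing : {};
      target[name] = deepExtend(clone, copy, skipProto);
    } else if (copy !== undefined) {
      target[name] = copy;
    }
  }
  return target;
}

function demo(skipProto) {
  // Constructed input: JSON.parse creates an own, enumerable "__proto__" key,
  // which is the "unsanitized source object" case from the description.
  const untrusted = JSON.parse(
    '{"theme": {"color": "red"}, "__proto__": {"polluted": "yes"}}'
  );
  const merged = deepExtend({}, untrusted, skipProto);
  const leaked = ({}).polluted;      // read from an unrelated, fresh object
  delete Object.prototype.polluted;  // clean up so each run is independent
  return { color: merged.theme.color, leaked };
}

console.log("unguarded:", demo(false)); // leaked is set on every object
console.log("guarded:  ", demo(true));  // leaked stays undefined
```

A quick check for an affected code path is the same probe used in demo: merge the untrusted object, then read the marker key from a fresh {} that was never part of the merge.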
Remediation
References