Description
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
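The behaviour described above, reproduced without jQuery as an added example (this is not jQuery's source or code from the original page): a simplified recursive merge is run once copying every key and once skipping `__proto__`. The names `deepMerge`, `runMerge`, `SAMPLE` and the `isAdmin` property are assumptions made for the illustration.

```javascript
// Constructed sample: JSON.parse creates an own, enumerable "__proto__" key.
const SAMPLE = '{"theme":"dark","__proto__":{"isAdmin":true}}';

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Simplified recursive merge (hypothetical helper, not jQuery's implementation).
// skipProto=false copies every own enumerable key, the behaviour the
// description attributes to jQuery.extend(true, ...) before 3.4.0.
function deepMerge(target, source, skipProto) {
  for (const key of Object.keys(source)) {
    if (skipProto && key === "__proto__") continue; // hardened: ignore the key
    const value = source[key];
    if (isPlainObject(value)) {
      // For key "__proto__", target[key] resolves to Object.prototype,
      // so the recursion writes into the prototype shared by all objects.
      const existing = target[key];
      target[key] = deepMerge(isPlainObject(existing) ? existing : {}, value, skipProto);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Merge the untrusted sample, then report whether a fresh, unrelated
// object inherited the injected property.
function runMerge(skipProto) {
  const merged = deepMerge({}, JSON.parse(SAMPLE), skipProto);
  const polluted = ({}).isAdmin === true;
  delete Object.prototype.isAdmin; // clean up so runs stay independent
  return { polluted, theme: merged.theme };
}

console.log("merge copying __proto__ :", runMerge(false));
console.log("merge skipping __proto__:", runMerge(true));
```

The same check works as a regression test for any in-house deep-merge or clone helper that accepts parsed JSON.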
Remediation
References