Description
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form Clean and Simple Cross-Site Scripting (4.4.0)
PHP Improper Input Validation Vulnerability (CVE-2015-8879)
WordPress Plugin Website FAQ 'website-faq-widget.php' SQL Injection (1.0)
Drupal Core 8.0.x Multiple Vulnerabilities (8.0.0 - 8.0.3)
WordPress Plugin Easy PayPal Gift Certificate Multiple Vulnerabilities (1.2.3)