web application security

  1. Web Prototype Pollution, JavaScript library jQuery < 3.4.0, CVE-2019-11358

    A dangerous vulnerability has been fixed in the popular jQuery JavaScript library, which is used by 74% of websites. Web developers are encouraged to update jQuery in their projects to version 3.4.0. This is a rare prototype pollution vulnerability, the essence of which security researchers...
  2. Remote Arbitrary code execution, (LibGD) PHP 4 <= 7.3, CVE-2019-6977

    An arbitrary code execution vulnerability (CVE-2019-6977) affects the PHP GD image processing library in PHP versions 4 through 7.3. The vulnerability is caused by insufficient input validation in the gdImageCreateFromGd2() function that could allow an attacker to execute arbitrary code on the...