The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.

Affected versions:

• version < 4.8.9

Fixed versions:

• 4.8.9