CVE-2019-5428
Vulnerable versions: < 3.4.0
Patched version: 3.4.0
A prototype pollution vulnerability exists in jQuery versions < 3.4.0 that
allows an attacker to inject properties on Object.prototype.

https://nvd.nist.gov/vuln/detail/CVE-2019-5428