Description: Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.
CVE-2021-20083
CVSS Score: 8.8 (HIGH)
EPSS Score: 21.05%
Risk Score: 6.22 (HIGH)
Risk Score based on CVSS score and EPSS. This score is for reference purposes and is not internationally recognized.
Mitre ATT&CK Technical v15.1
T1053.002 – At
Technical Analysis & Mitigation Measures
Reference Links
https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/jquery-query-object.md
http://packetstormsecurity.com/files/166299/WordPress-Core-5.9.0-5.9.1-Cross-Site-Scripting.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7CR6VGITIB2TXXZ6B5QRRWPU5S4BXQPD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJX6NVXSRN3RX3YUVEJQ4WUTQSDL3DSR/
Vendor - Produce - Version
Disclaimer
The content on this website is automatically sourced from external websites such as the National Vulnerability Database (NVD), GitHub, and other security-related sources. This content is for reference purposes only, and we are not responsible for the accuracy or integrity of the information linked or displayed from these sources.