Description
Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 2.2.3
References
- GHSA-q9xg-h756-8689
- lists.fedoraproject.org
- packetstormsecurity.com
- CVE-2021-20083
- CWE-1321
- CAPEC-310
- OWASP 2021-A6
Related Issues
- Prototype Pollution in jquery-deparam - CVE-2021-20087
- Starcounter-Jack JSON-Patch Prototype Pollution vulnerability - CVE-2021-4279
- Prototype Pollution in nedb - CVE-2021-23395
- Prototype Pollution in ts-nodash - CVE-2021-23403
- Tags:
- npm
- jquery-query-object
Anything's wrong? Let us know Last updated on July 11, 2023