Description
Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 2.2.3
References
- GHSA-q9xg-h756-8689
- lists.fedoraproject.org
- packetstormsecurity.com
- CVE-2021-20083
- CWE-1321
- CAPEC-310
- OWASP 2021-A6
Related Issues
- Strapi Password Hashing is Missing Maximum Password Length Validation - CVE-2025-25298
- DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware - CVE-2025-59037
- Payload does not invalidate JWTs after log out (GHSA-5v66-m237-hwf7) 2 - CVE-2025-4643
- The AuthKit React Router Library rendered sensitive auth data in HTML - CVE-2025-55008
- Tags:
- npm
- jquery-query-object
Anything's wrong? Let us know Last updated on July 11, 2023