Description
Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.
Recommendation
No fix is available yet. The following versions are affected:
- <= 2.2.3
References
- GHSA-q9xg-h756-8689
- lists.fedoraproject.org
- packetstormsecurity.com
- CVE-2021-20083
- CWE-1321
- CAPEC-310
- OWASP 2021-A6
Related Issues
- CodeceptJS's incomprehensive sanitation can lead to Command Injection - CVE-2025-57285
- Payload does not invalidate JWTs after log out (GHSA-5v66-m237-hwf7) 2 - CVE-2025-4643
- The AuthKit React Router Library rendered sensitive auth data in HTML - CVE-2025-55008
- Vite allows server.fs.deny to be bypassed with .svg or relative paths - CVE-2025-31486
Tags
- npm
- jquery-query-object
Last updated on July 11, 2023