Vulnerabilities > CVE-2021-20083 - Unspecified vulnerability in Jquery-Plugin-Query-Object Project Jquery-Plugin-Query-Object 2.2.3

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

jquery-plugin-query-object-project

NVD

Published: 2021-04-23

Updated: 2023-11-07

Summary

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.

Vulnerable Configurations

Part	Description	Count
Application	Jquery-Plugin-Query-Object_Project Jquery Plugin Query Object Project Jquery Plugin Query Object 2.2.3	1

References

https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/jquery-query-object.md
http://packetstormsecurity.com/files/166299/WordPress-Core-5.9.0-5.9.1-Cross-Site-Scripting.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7CR6VGITIB2TXXZ6B5QRRWPU5S4BXQPD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJX6NVXSRN3RX3YUVEJQ4WUTQSDL3DSR/