CVE-2021-20083
Basic Information
- CVE State: PUBLISHED
- Reserved Date: December 17, 2020
- Published Date: April 23, 2021
- Last Updated: August 03, 2024
- Vendor: n/a
- Product: jquery-plugin-query-object
- Description: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.
CVSS Scores
CVSS v3.1
8.8 - HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
6.5
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS Score
- Score: 2.84% (Percentile: 85.46%) as of 2025-05-12
Exploit Status
- Exploited in the Wild: Yes (2022-03-11 08:00:34 UTC)
References
https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/jquery-query-object.md
http://packetstormsecurity.com/files/166299/WordPress-Core-5.9.0-5.9.1-Cross-Site-Scripting.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7CR6VGITIB2TXXZ6B5QRRWPU5S4BXQPD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJX6NVXSRN3RX3YUVEJQ4WUTQSDL3DSR/
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| Wordfence | 2022-03-11 08:00:34 UTC |
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel