Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2021-20083
PUBLISHEDImproperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious...
- Vendor
- jQuery
- Product
- jquery-plugin-query-object
- Published
- Apr 23, 2021
- EPSS
- 2.8% · 85% pctl
Description
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV:N/AC:L/Au:S/C:P/I:P/A:P
Exploitation status
Exploited in the wild
Recorded 2022-03-11 08:00:34 UTC · Source
References
- https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/jquery-query-object.md
- http://packetstormsecurity.com/files/166299/WordPress-Core-5.9.0-5.9.1-Cross-Site-Scripting.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7CR6VGITIB2TXXZ6B5QRRWPU5S4BXQPD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJX6NVXSRN3RX3YUVEJQ4WUTQSDL3DSR/
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| Wordfence | Mar 11, 2022 |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel