CVE-2021-20087

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: jquery-deparam version 0.5.1

Description: The issue allows a malicious user to inject properties into Object.prototype through 'Prototype Pollution'. This occurs due to improperly controlled modification of object prototype attributes in jquery-deparam.

Recommendations: For jquery-deparam version 0.5.1, update to a version that fixes the 'Prototype Pollution' issue to prevent malicious users from injecting properties into Object.prototype.

Exploit

Fix

Prototype Pollution

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1321

Related Identifiers

CVE-2021-20087

GHSA-XG68-CHX2-253G

Affected Products

Jquery-Deparam

CVE-2021-20087

Weakness Enumeration

Related Identifiers

Affected Products

References · 6