CVE-2021-20083: jquery-plugin-query-object contains prototype pollution vulnerability
8.8
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.91016%
CWE
Published
5/24/2022
Updated
7/11/2023
KEV Status
No
Technology
JavaScript
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
jquery-query-object | npm | <= 2.2.3 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from how user-controlled query parameters are processed: 1) parseNew handles raw URL parameters and passes them to SET 2) SET uses the parse function which splits keys into base/tokens using regex 3) When base is proto and tokens contain properties, this leads to prototype pollution. The PoC demonstrates this with ?proto[test]=test payload modifying Object.prototype. The code structure shown in BlackFan's analysis confirms the lack of prototype validation in property assignment paths.