First published: Fri Apr 23 2021(Updated: )
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype.
Credit: vulnreport@tenable.com vulnreport@tenable.com vulnreport@tenable.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mootools Mootools-more | =1.6.0 | |
npm/mootools-more | <=1.6.0 | |
=1.6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-20088 is a vulnerability in mootools-more 1.6.0 that allows a malicious user to inject properties into Object.prototype.
CVE-2021-20088 has a severity rating of 8.8 (high).
CVE-2021-20088 affects Mootools Mootools-more 1.6.0.
To fix CVE-2021-20088, update Mootools Mootools-more to a version that is not affected by the vulnerability.
You can find more information about CVE-2021-20088 at the following link: [GitHub - BlackFan/client-side-prototype-pollution](https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/mootools-more.md).