Skip to content

jquery.ba-bbq-1.2.1.min.js: 1 vulnerabilities (highest severity is: 8.8) #8

Description

@mend-for-github-com
Vulnerable Library - jquery.ba-bbq-1.2.1.min.js

jQuery BBQ leverages the HTML5 hashchange event to allow simple, yet powerful bookmarkable #hash history. In addition, jQuery BBQ provides a full .deparam() method, along with both hash state management, and fragment / query string parse and merge utility methods

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery.ba-bbq/1.2.1/jquery.ba-bbq.min.js

Path to vulnerable library: /WebContent/swagger/lib/jquery.ba-bbq.min.js

Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982

Vulnerabilities

Vulnerability Severity CVSS Dependency Type Fixed in (jquery.ba-bbq version) Remediation Possible**
CVE-2021-20086 High 8.8 jquery.ba-bbq-1.2.1.min.js Direct N/A

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2021-20086

Vulnerable Library - jquery.ba-bbq-1.2.1.min.js

jQuery BBQ leverages the HTML5 hashchange event to allow simple, yet powerful bookmarkable #hash history. In addition, jQuery BBQ provides a full .deparam() method, along with both hash state management, and fragment / query string parse and merge utility methods

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery.ba-bbq/1.2.1/jquery.ba-bbq.min.js

Path to vulnerable library: /WebContent/swagger/lib/jquery.ba-bbq.min.js

Dependency Hierarchy:

  • jquery.ba-bbq-1.2.1.min.js (Vulnerable Library)

Found in HEAD commit: cedbeef60454e131e5f34a0c317dc4c2335d1982

Found in base branch: AltoroJ-3.2

Vulnerability Details

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype.

Publish Date: 2021-04-23

URL: CVE-2021-20086

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions