CVE-2021-20086

HIGH NUCLEI

Jquery-bbq - Prototype Pollution

Title source: rule

Description

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype.

Nuclei Templates (1)

Odoo Apps - Cross-Site Scripting via Prototype Pollution

HIGHVERIFIEDby 1337rokudenashi

Shodan: html:"Odoo"

References (2)

[Exploit, Third Party Advisory] https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/jquery-bbq.md

View Exploit ZIP pw:eip

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20241108-0002/

Scores

CVSS v3 8.8

EPSS 0.4956

EPSS Percentile 97.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-1321

Status published

Products (2)

jquery-bbq_project/jquery-bbq 1.2.1

npm/jquery-bbq 0npm

Published Apr 23, 2021

Tracked Since Feb 18, 2026