CVE-2022-2200

HIGH Year: 2022
CVSS v3 Score
8.8
High
Weakness Type
CWE-1321
View all →

Vulnerability Description

If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Related Vulnerabilities

CVE-2018-11135

HIGH
CVSS:8.8(High)

The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks.

CWE-13212018

CVE-2019-10808

HIGH
CVSS:8.8(High)

utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype.

CWE-13212019

CVE-2019-17316

HIGH
CVSS:8.8(High)

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user.

CWE-13212019

CVE-2021-20083

HIGH
CVSS:8.8(High)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.

CWE-13212021

CVE-2021-20084

HIGH
CVSS:8.8(High)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype.

CWE-13212021

CVE-2021-20085

HIGH
CVSS:8.8(High)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in backbone-query-parameters 0.4.0 allows a malicious user to inject properties into Object.prototype.

CWE-13212021