High severity8.8NVD Advisory· Published Apr 23, 2021· Updated Jun 17, 2026
CVE-2021-20085
CVE-2021-20085
Description
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in backbone-query-parameters 0.4.0 allows a malicious user to inject properties into Object.prototype.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
backbone-query-parametersnpm | <= 0.4.0 | — |
Affected products
2- backbone-query-parameters/backbone-query-parametersdescription
Patches
Vulnerability mechanics
References
3- github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/backbone-qp.mdnvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-8qpm-5c82-rf96ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-20085ghsaADVISORY
News mentions
0No linked articles in our index yet.