{"id":"CVE-2021-20088","details":"Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype.","aliases":["GHSA-fw45-938v-p26j"],"modified":"2026-03-14T10:37:52.192591Z","published":"2021-04-23T18:15:08.097Z","references":[{"type":"EVIDENCE","url":"https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/mootools-more.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mootools/mootools-more","events":[{"introduced":"0"},{"last_affected":"bf233fb08b9ee5e6ec0098292540aa6b79b486cc"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.6.0"}]}}],"versions":["0.1","0.2","1.0","1.0.1","1.0.2","1.0rc1","1.2","1.2.1","1.2.2.1","1.2.2.2","1.2.3.1","1.2.4","1.2.4.1","1.2.4.2","1.2.4.3","1.2.4.4","1.3.0.1","1.3.0.1rc1","1.3.1.1","1.3.2.1","1.4.0.1","1.5.0","1.5.1","1.5.2","1.6.0","Date.parse","more-1.0","more-1.01","more-1.02","more-1.0rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20088.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}