jquery.cookie is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the key
parameter in the removeCookie
function of jquery.cookie.js
and modify attributes such as __proto__
, constructor
, and prototype
.