CVE-2021-4264
LinkedIn dustjs prototype pollution
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was found in LinkedIn dustjs up to 2.x and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is ddb6523832465d38c9d80189e9de60519ac307c3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216464.
| CWE | CWE-1321 |
| Vendor | |
| Product | dustjs |
| Published | Dec 21, 2022 |
| Last Updated | Aug 3, 2024 |
Stay Ahead of the Next One
Get instant alerts for linkedin dustjs
Be the first to know when new medium vulnerabilities affecting linkedin dustjs are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
LinkedIn / dustjs
2.x
References
vuldb.com: https://vuldb.com/?id.216464 vuldb.com: https://vuldb.com/?ctiid.216464 github.com: https://github.com/linkedin/dustjs/issues/804 github.com: https://github.com/linkedin/dustjs/pull/805 github.com: https://github.com/linkedin/dustjs/commit/ddb6523832465d38c9d80189e9de60519ac307c3 github.com: https://github.com/linkedin/dustjs/releases/tag/v3.0.0