Baobab vulnerable to Prototype Pollution

Description

A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’). The attack can be launched remotely. Upgrading to version 2.6.

Recommendation

Update the baobab package to the latest compatible version. Followings are version details:

• Affected version(s): < 2.6.1
• Patched version(s): 2.6.1

References

• GHSA-wvr2-q86m-6whp
• vuldb.com
• CVE-2021-4307
• CWE-1321
• CAPEC-310
• OWASP 2021-A6

Related Issues

• npm package rfc6902 vulnerable to Prototype Pollution - CVE-2021-4245
• MrSwitch hello.js vulnerable to prototype pollution - CVE-2021-26505
• dustjs-linkedin vulnerable to Prototype Pollution - CVE-2021-4264
• Immutable is vulnerable to Prototype Pollution - CVE-2026-29063

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

baobab