Description
A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’). The attack can be launched remotely. Upgrading to version 2.6.
Recommendation
Update the baobab package to the latest compatible version. Followings are version details:
- Affected version(s): < 2.6.1
- Patched version(s): 2.6.1
References
Related Issues
- tarteaucitron Cross-site Scripting (XSS) - CVE-2025-1467
- Cross site scripting in markdown-to-jsx - CVE-2024-21535
- uPlot Prototype Pollution vulnerability - CVE-2024-21489
- FUXA local file inclusion vulnerability - CVE-2023-31718
- Tags:
- npm
- baobab
Anything's wrong? Let us know Last updated on October 20, 2023