Description
A vulnerability was found in LinkedIn dustjs prior to version 3.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’). The attack may be launched remotely.
Recommendation
Update the dustjs-linkedin package to the latest compatible version. Followings are version details:
- Affected version(s): < 3.0.0
- Patched version(s): 3.0.0
References
Related Issues
- Auth0 NextJS SDK v4 Missing Session Invalidation - CVE-2025-46344
- Potential DoS when using ContextLines integration - Vulnerability
- sanitize-html Information Exposure vulnerability - CVE-2024-21501
- json-schema-ref-parser Prototype Pollution issue - CVE-2024-29651
- Tags:
- npm
- dustjs-linkedin
Anything's wrong? Let us know Last updated on January 28, 2023