Description
A vulnerability classified as problematic was found in LinkedIn dustjs prior to version 3.0.0. The affected functionality is unknown. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’). The attack may be launched remotely.
Recommendation
Update the dustjs-linkedin package to the latest compatible version. Version details:
- Affected version(s): < 3.0.0
- Patched version(s): 3.0.0
Related Issues
- npm package rfc6902 vulnerable to Prototype Pollution - CVE-2021-4245
- Baobab vulnerable to Prototype Pollution - CVE-2021-4307
- MrSwitch hello.js vulnerable to prototype pollution - CVE-2021-26505
- Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers - CVE-2022-41878
Tags: npm, dustjs-linkedin
Last updated on January 28, 2023