Description
A vulnerability was found in LinkedIn dustjs prior to version 3.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’). The attack may be launched remotely.
Recommendation
Update the dustjs-linkedin package to the latest compatible version. Followings are version details:
- Affected version(s): < 3.0.0
- Patched version(s): 3.0.0
References
Related Issues
- MrSwitch hello.js vulnerable to prototype pollution - CVE-2021-26505
- npm package rfc6902 vulnerable to Prototype Pollution - CVE-2021-4245
- Baobab vulnerable to Prototype Pollution - CVE-2021-4307
- Prototype Pollution in litespeed.js and appwrite/server-ce - CVE-2021-23682
- Tags:
- npm
- dustjs-linkedin
Anything's wrong? Let us know Last updated on January 28, 2023