dustjs-linkedin vulnerable to Prototype Pollution

Severity:: High

Description

A vulnerability was found in LinkedIn dustjs prior to version 3.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’). The attack may be launched remotely.

Recommendation

Update the dustjs-linkedin package to the latest compatible version. Followings are version details:

Affected version(s): < 3.0.0
Patched version(s): 3.0.0

References

GHSA-c6rp-wrp9-qr4q
vuldb.com
CVE-2021-4264
CWE-1321
CWE-74
CWE-94
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

npm package rfc6902 vulnerable to Prototype Pollution - CVE-2021-4245
Baobab vulnerable to Prototype Pollution - CVE-2021-4307
MrSwitch hello.js vulnerable to prototype pollution - CVE-2021-26505
Immutable is vulnerable to Prototype Pollution - CVE-2026-29063

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; dustjs-linkedin

Anything's wrong? Let us know Last updated on January 28, 2023