PT-2022-11644 · Linkedin · Dustjs
Baiyecha404 · Published 2022-12-21 · Updated 2024-05-17 · CVE-2021-4264
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
LinkedIn dustjs versions up to 2.x
LinkedIn dustjs version 3.0.0
Description
A vulnerability was found in LinkedIn dustjs, allowing for improperly controlled modification of object prototype attributes, also known as 'prototype pollution'. This issue can be exploited remotely. The exploit has been disclosed to the public.
Recommendations
For LinkedIn dustjs versions up to 2.x, upgrade to version 3.0.0 to address this issue.
For LinkedIn dustjs version 3.0.0, upgrade to version 3.0.1 to address this issue.
Exploit
Fix
Special Elements Injection
Code Injection
Prototype Pollution
Related Identifiers
Affected Products
Dustjs