Home > Vulnerability Database > CVE-2021-4264

Mend.io Vulnerability Database

CVE-2021-4264

Good to know:

Date: December 20, 2022

A vulnerability was found in LinkedIn dustjs up to 2.x and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is ddb6523832465d38c9d80189e9de60519ac307c3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216464.

Language: JS

Severity Score

6.3

Related Resources (9)

Url: https://github.com/linkedin/dustjs/commit/ddb6523832465d38c9d80189e9de60519ac307c3

Url: https://github.com/linkedin/dustjs/releases/tag/v3.0.0

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-4264

Url: https://github.com/linkedin/dustjs/pull/805

Url: https://github.com/linkedin/dustjs/issues/804

Url: https://github.com/linkedin/dustjs

Url: https://vuldb.com/?ctiid.216464

Url: https://vuldb.com/?id.216464

Url: https://www.mend.io/vulnerability-database/CVE-2021-4264

Severity Score

6.3

Weakness Type (CWE)

Code Injection

CWE-94

Injection

CWE-74

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Top Fix

Upgrade Version

Upgrade to version dustjs-linkedin - 3.0.0

Learn More

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2021-4264

Good to know:

Date: December 20, 2022

Language: JS

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?