CVE-2021-4307 — Baobab vulnerable to Prototype Pollution

Description

A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The name of the patch is c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627.

How to fix CVE-2021-4307

To remediate CVE-2021-4307, upgrade the affected package to a fixed version below.

—upgrade to 2.6.1 or later

Is CVE-2021-4307 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 2.6.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (7)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-4307
PATCHgithub.com/Yomguithereal/baobab
WEBgithub.com/Yomguithereal/baobab/commit/c56639532a923d9a1600fb863ec7551b188b5d19
WEBgithub.com/Yomguithereal/baobab/pull/511
WEB