Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS13dnIyLXE4Nm0tNndocM4AAwzO

Critical CVSS: 9.8 EPSS: 0.00636% (0.70507 Percentile) EPSS:
Permalink JSON

Baobab vulnerable to Prototype Pollution

Affected Packages Affected Versions Fixed Versions
npm:baobab
PURL: pkg:npm/baobab
< 2.6.1 2.6.1
90 Dependent packages
196 Dependent repositories
27,765 Downloads last month

Affected Version Ranges

All affected versions

0.0.1, 0.1.0, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1, 0.3.2, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 1.0.0, 1.0.0-rc1, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.1.0-immutable, 1.1.0-syncwrite, 1.1.1, 1.1.2, 2.0.0, 2.0.0-dev1, 2.0.0-dev2, 2.0.0-dev3, 2.0.0-dev4, 2.0.0-dev5, 2.0.0-dev6, 2.0.0-dev7, 2.0.0-dev8, 2.0.0-dev9, 2.0.0-dev10, 2.0.0-dev11, 2.0.0-dev12, 2.0.0-dev13, 2.0.0-dev14, 2.0.0-dev15, 2.0.0-rc1, 2.0.0-rc2, 2.0.0-rc3, 2.0.1, 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1, 2.3.0, 2.3.0-rc1, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.6.0

All unaffected versions

2.6.1

Potentially Affected Packages

These packages share the same source repository and may be affected by this vulnerability, but are not listed in the advisory.

Package Ecosystem Latest Version Classification
@superhuman/baobab npm Likely Fork
baobab bower Repackage

Package Ecosystem Latest Version
org.webjars.bower:baobab maven
org.webjars.npm:baobab maven

A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The name of the patch is c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627.

References:

Identifiers

GHSA-wvr2-q86m-6whp

CVE-2021-4307

Risk

Severity

Critical

CVSS

CVSS Score: 9.8

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

EPSS Percentage: 0.00636

EPSS Percentile: 0.70507

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/Yomguithereal/baobab
View on Ecosyste.ms

Date and time

Published

over 3 years ago

Updated

about 2 months ago

API

JSON