How severe is CVE-2021-4307?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2021-4307?

This is classified as CWE-1321, which is a common weakness in software security.

CVE-2021-4307 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The patch is named c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627.

Related Vulnerabilities

CVE-2019-0230

CRITICAL

CVSS:9.8(Critical)

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

CWE-13212019

CVE-2019-14379

CRITICAL

CVSS:9.8(Critical)

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leadi...

CWE-13212019

CVE-2019-19919

CRITICAL

CVSS:9.8(Critical)

Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow...

CWE-13212019

CVE-2020-28269

CRITICAL

CVSS:9.8(Critical)

Prototype pollution vulnerability in 'field' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.

CWE-13212020

CVE-2020-28270

CRITICAL

CVSS:9.8(Critical)

Prototype pollution vulnerability in 'object-hierarchy-access' versions 0.2.0 through 0.32.0 allows attacker to cause a denial of service and may lead to remote code execution.

CWE-13212020

CVE-2020-28271

CRITICAL

CVSS:9.8(Critical)

Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution.

CWE-13212020