1. Home
  2. CVE Database
  3. CVE-2021-4307
MEDIUM · 6.3

CVE-2021-4307

A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly contro...

Vulnerability Description

A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The patch is named c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627.

CVSS Score

6.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
Baobab ProjectBaobab>= 2.0.0, < 2.6.1

Related Weaknesses (CWE)

CWE-1321

References

FAQ

What is CVE-2021-4307?

CVE-2021-4307 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly contro...

How severe is CVE-2021-4307?

CVE-2021-4307 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-4307?

Check the references section above for vendor advisories and patch information. Affected products include: Baobab Project Baobab.