npm package
keyget
pkg:npm/keyget
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-23760 | — | <= 2.4.0 | — | Jan 28, 2022 | The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272]( | ||
| CVE-2020-28272 | — | >= 1.0.0, < 2.3.0 | 2.3.0 | Dec 2, 2020 | Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution. |
- CVE-2021-23760Jan 28, 2022affected <= 2.4.0
The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](
- CVE-2020-28272Dec 2, 2020affected >= 1.0.0, < 2.3.0fixed 2.3.0
Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution.