npm package
tree-kit
pkg:npm/tree-kit
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-38894 | — | < 0.7.5 | 0.7.5 | Aug 16, 2023 | A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function. | ||
| CVE-2021-4278 | — | < 0.7.0 | 0.7.0 | Dec 25, 2022 | A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). Upgrading to version 0.7.0 is able to addre |
- CVE-2023-38894Aug 16, 2023affected < 0.7.5fixed 0.7.5
A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function.
- CVE-2021-4278Dec 25, 2022affected < 0.7.0fixed 0.7.0
A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). Upgrading to version 0.7.0 is able to addre