GHSA-9fp7-4fjm-q3mf

Опубликовано: 01 фев. 2022

Источник: github

Github: Прошло ревью

CVSS3: 5.6

Описание

Prototype Pollution in keyget

The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix to CVE-2020-28272

Ссылки

Пакеты

Наименование

keyget

npm

Затронутые версииВерсия исправления

<= 2.4.0

Отсутствует

EPSS

Процентиль: 85%

0.02425

Низкий

5.6 Medium

CVSS3

CVE ID

CVE-2021-23760

Дефекты

CWE-1321

Связанные уязвимости

CVE-2021-23760

CVSS3: 5.6

nvd

около 4 лет назад

The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048)

EPSS

Процентиль: 85%

0.02425

Низкий

5.6 Medium

CVSS3

CVE ID

CVE-2021-23760

Дефекты

CWE-1321