CVE-2021-23760

MEDIUM5.6EPSS 2.4%

Prototype Pollution in keyget

Published: 2/1/2022Modified: 11/8/2023

Description

The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048)

Affected packages (1)

npm/keygetfrom 0, <= 2.4.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-23760
PATCHhttps://github.com/rumkin/keyget
WEBhttps://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048
WEBhttps://snyk.io/vuln/SNYK-JS-KEYGET-2342624