CVE-2021-23760

MEDIUM5.6EPSS 2.4%

Prototype Pollution in keyget

發布日:2022/2/1修改日:2023/11/8

描述

The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048)

受影響套件(1)

npm/keygetfrom 0, <= 2.4.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-23760
PATCHhttps://github.com/rumkin/keyget
WEBhttps://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048
WEBhttps://snyk.io/vuln/SNYK-JS-KEYGET-2342624