1543 matches found
Remote Code Execution
@keystone-6/core is vulnerable to remote code execution. The use of NODEENV not in dependencies triggers the security-sensitive functionality in a production build, which makes it vulnerable to NODEENV being inlined to development for user code...
GHSA-25MX-2MXM-6343 @keystone-6/core's NODE_ENV defaults to development with esbuild
Impact @keystone-6/[email protected] || 3.0.1 users that use NODEENV in their own code not dependencies to trigger security-sensitive functionality in a production build are vulnerable to NODEENV being inlined to "development" for user code. If your dependencies use NODEENV to trigger particular...
CVE-2022-39382
Keystone is a headless CMS for Node.js — built with GraphQL and React.@keystone-6/[email protected] || 3.0.1 users that use NODEENV to trigger security-sensitive functionality in their production builds are vulnerable to NODEENV being inlined to "development" for user code, irrespective of what your...
Design/Logic Flaw
Keystone is a headless CMS for Node.js — built with GraphQL and React.@keystone-6/email protected || 3.0.1 users that use NODEENV to trigger security-sensitive functionality in their production builds are vulnerable to NODEENV being inlined to "development" for user code, irrespective of what you...
CVE-2022-39382 NODE_ENV in Keystone defaults to development with esbuild
Keystone is a headless CMS for Node.js — built with GraphQL and React.@keystone-6/[email protected] || 3.0.1 users that use NODEENV to trigger security-sensitive functionality in their production builds are vulnerable to NODEENV being inlined to "development" for user code, irrespective of what your...
Keystone 注入漏洞
Keystone is a powerful CMS designed to help you build and scale faster than any other Cms or application framework. A security vulnerability exists in Keystone versions prior to 3.0.2, which stems from the possibility of being inlined to user code if security-sensitive functionality is triggered...
CVE-2022-39382 NODE_ENV in Keystone defaults to development with esbuild
Keystone is a headless CMS for Node.js — built with GraphQL and React.@keystone-6/[email protected] || 3.0.1 users that use NODEENV to trigger security-sensitive functionality in their production builds are vulnerable to NODEENV being inlined to "development" for user code, irrespective of what your...
PT-2022-24942 · Unknown · @Keystone-6/Core
Name of the Vulnerable Software and Affected Versions: @keystone-6/core versions 3.0.0 through 3.0.1 Description: The issue arises when NODE ENV is inlined to "development" for user code, regardless of the environment variables. This affects users who use NODE ENV to trigger security-sensitive...
CVE-2022-39382
Keystone (Node.js) vulnerability CVE-2022-39382 affects @keystone-6/core versions 3.0.0 and 3.0.1. The issue arises when NODE_ENV is inlined to the string "development" for user code in production builds, potentially triggering security‑sensitive functionality unintentionally. The vulnerability i...
CVE-2022-39382 NODE_ENV in Keystone defaults to development with esbuild
Keystone is a headless CMS for Node.js — built with GraphQL and React.@keystone-6/[email protected] || 3.0.1 users that use NODEENV to trigger security-sensitive functionality in their production builds are vulnerable to NODEENV being inlined to "development" for user code, irrespective of what your...
CVE-2022-39322
@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access contro...
Design/Logic Flaw
@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access contro...
CVE-2022-39322 @keystone-6/core vulnerable to field-level access-control bypass for multiselect field
@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access contro...
CVE-2022-39322
The CVE-2022-39322 entry affects the Keystone 6 ecosystem: @keystone-6/core prior to version 2.3.1, specifically 2.2.0 up to 2.3.0, is vulnerable to a field-level access-control bypass for multiselect fields. The vulnerability arises because field-level access control is not applied to multiselec...
Keystone 授权问题漏洞
Keystone is a powerful CMS designed to help you build and scale faster than any other Cms or application framework. An authorization issue vulnerability exists in versions of Keystone prior to 2.3.1, which stems from the fact that users who use field-level access controls are vulnerable to not...
CVE-2022-39322 @keystone-6/core vulnerable to field-level access-control bypass for multiselect field
@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access contro...
CVE-2022-39322 @keystone-6/core vulnerable to field-level access-control bypass for multiselect field
@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access contro...
Field-level access-control bypass for multiselect field
Impact @keystone-6/[email protected] || 2.3.0 users who are using the multiselect field, and provided field-level access control - are vulnerable to their field-level access control not being used. List-level access control is NOT affected. Field-level access control for fields other than multiselect ar...
GHSA-6MHR-52MV-6V6F Field-level access-control bypass for multiselect field
Impact @keystone-6/[email protected] || 2.3.0 users who are using the multiselect field, and provided field-level access control - are vulnerable to their field-level access control not being used. List-level access control is NOT affected. Field-level access control for fields other than multiselect ar...
PT-2022-24899 · Unknown · @Keystone-6/Core
Name of the Vulnerable Software and Affected Versions: @keystone-6/core versions 2.2.0 through 2.3.0 Description: The issue affects users of the multiselect field in @keystone-6/core who have configured field-level access control. The field-level access control is not being used, making the data...