3 matches found
CVE-2022-39382
Keystone is a headless CMS for Node.js — built with GraphQL and React.@keystone-6/[email protected] || 3.0.1 users that use NODEENV to trigger security-sensitive functionality in their production builds are vulnerable to NODEENV being inlined to "development" for user code, irrespective of what your...
CVE-2022-39382
Keystone (Node.js) vulnerability CVE-2022-39382 affects @keystone-6/core versions 3.0.0 and 3.0.1. The issue arises when NODE_ENV is inlined to the string "development" for user code in production builds, potentially triggering security‑sensitive functionality unintentionally. The vulnerability i...
CVE-2022-39382 NODE_ENV in Keystone defaults to development with esbuild
Keystone is a headless CMS for Node.js — built with GraphQL and React.@keystone-6/[email protected] || 3.0.1 users that use NODEENV to trigger security-sensitive functionality in their production builds are vulnerable to NODEENV being inlined to "development" for user code, irrespective of what your...