20 matches found
EUVD-2022-3202
Malicious code in bioql PyPI...
CVE-2020-28272
Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution...
keyget vulnerable to prototype pollution
Overview: Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution. Details: The npm module 'keyget' can be abused by Prototype Pollution vulnerability since the function 'setByPath' did not check f...
mongo-rest-api (=0.1.0), pine-ql (>=0.1.0 <=0.5.4) potentially affected by CVE-2020-28272 via keyget (=1.0.1)
keyget NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on keyget and may be impacted: - mongo-rest-api =0.1.0 - pine-ql =0.1.0, =0.5.4 Source cves: CVE-2020-28272 Source advisory: OSV:GHSA-8MP8-28XH-R486...
GHSA-8MP8-28XH-R486 keyget vulnerable to prototype pollution
Overview: Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution. Details: The npm module 'keyget' can be abused by Prototype Pollution vulnerability since the function 'setByPath' did not check f...
GHSA-9FP7-4FJM-Q3MF Prototype Pollution in keyget
The package keyget from 0.0.0 is vulnerable to Prototype Pollution via the methods set, push, and at, which could allow an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix to CVE-2020-28272...
mongo-rest-api (=0.1.0), pine-ql (>=0.1.0 <=0.5.4) potentially affected by CVE-2021-23760 via keyget (=1.0.1)
keyget NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on keyget and may be impacted: - mongo-rest-api =0.1.0 - pine-ql =0.1.0, =0.5.4 Source cves: CVE-2021-23760 Source advisory: OSV:GHSA-9FP7-4FJM-Q3MF...
Prototype Pollution in keyget
The package keyget from 0.0.0 is vulnerable to Prototype Pollution via the methods set, push, and at, which could allow an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix to CVE-2020-28272...
CVE-2021-23760
The package keyget from 0.0.0 is vulnerable to Prototype Pollution via the methods set, push, and at, which could allow an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix to CVE-2020-28272...
Remote code execution
The package keyget from 0.0.0 is vulnerable to Prototype Pollution via the methods set, push, and at, which could allow an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix to CVE-2020-28272...
CVE-2021-23760
The CVE-2021-23760 entry concerns a Prototype Pollution vulnerability in the npm package keyget. The issue affects keyget versions 0.0.0 and up to at least 2.2.0, where the set, push, and at methods can be abused to pollute an object's prototype, potentially enabling denial of service and remote co...
CVE-2021-23760 Prototype Pollution
The package keyget from 0.0.0 is vulnerable to Prototype Pollution via the methods set, push, and at, which could allow an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix to CVE-2020-28272...
Rumkin Keyget Security Vulnerability
Rumkin Keyget is a Js-based codebase for objects that can be modified by Rumkin's individual developers. A security vulnerability exists in Rumkin Keyget that can be exploited by an attacker to cause a denial of service and potentially lead to remote code execution...
mongo-rest-api (=0.1.0), pine-ql (>=0.1.0 <=0.5.4) potentially affected by CVE-2020-28272 +1 more via keyget (=1.0.1)
keyget NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on keyget and may be impacted: - mongo-rest-api =0.1.0 - pine-ql =0.1.0, =0.5.4 Source cves: CVE-2020-28272, CVE-2021-23760 Source advisory: SNYK:JS-KEYGET-2342624...
Prototype Pollution
Overview: keyget is a JS nested object manipulation kit. It can find, get, set, push or call nested properties. Note: The package is deprecated due to a prototype pollution vulnerability. Affected versions of this package are vulnerable to Prototype Pollution via the methods set, push, and at which...
Prototype Pollution
keyget is vulnerable to prototype pollution. The vulnerability exists as the function setByPath did not check for the type of object before assigning value to the property...
CVE-2020-28272
Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution...
CVE-2020-28272
CVE-2020-28272 affects the npm package keyget (versions 1.0.0–2.2.0). A prototype pollution flaw in the setByPath() function allows an attacker to pollute the Object prototype (e.g., via __proto__.polluted), enabling denial of service and potentially remote code execution. The exploitation details a...
CVE-2020-28272
Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution...
keyget Security Vulnerabilities
Rumkin Keyget is a Js-based codebase for objects that can be modified by Rumkin's individual developers. A security vulnerability exists in keyget versions 1.0.0 through 2.0.0 that can be exploited by an attacker to cause a denial of service and potentially lead to remote code execution...