Lucene search

Keystone Security Vulnerabilities - CVSS Score 9 - 10

cve

CVE-2022-29354

An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file.

9.8CVSS

9.4AI Score

0.003EPSS

2022-05-16 02:15 PM

cve

CVE-2022-39322

@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access control ...

9.8CVSS

9.4AI Score

0.002EPSS

2022-10-25 05:15 PM

cve

CVE-2022-39382

Keystone is a headless CMS for Node.js — built with GraphQL and React.@keystone-6/[email protected] || 3.0.1 users that use NODE_ENV to trigger security-sensitive functionality in their production builds are vulnerable to NODE_ENV being inlined to "development" for user code, irrespective of what your env...

9.8CVSS

9.6AI Score

0.002EPSS

2022-11-03 02:15 PM