An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file.
CVSS: 9.8
AI Score: 9.4
EPSS: 0.003
@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access control ...
CVSS: 9.8
AI Score: 9.4
EPSS: 0.002
Keystone is a headless CMS for Node.js — built with GraphQL and React. @keystone-6/[email protected] || 3.0.1 users that use NODE_ENV to trigger security-sensitive functionality in their production builds are vulnerable to NODE_ENV being inlined to "development" for user code, irrespective of what your env...
CVSS: 9.8
AI Score: 9.6
EPSS: 0.002