2 matches found
CVE-2021-23760
The CVE-2021-23760 entry concerns the npm package keyget vulnerability to Prototype Pollution. The issue affects keyget versions 0.0.0 and up to at least 2.2.0, where the set, push, and at methods can be abused to pollute an object's prototype, potentially enabling denial of service and remote co...
CVE-2020-28272
CVE-2020-28272 affects the npm package keyget (versions 1.0.0–2.2.0). A prototype pollution flaw in the setByPath() function allows an attacker to pollute the Object prototype (e.g., via proto .polluted), enabling denial of service and potentially remote code execution. The exploitation details a...