Keystone Security Vulnerabilities and Issues — Keystone CVE List

Lucene search

KeystonejsKeystone

4 matches found

CVE•added 2022/01/12 12:15 a.m.•68 views

CVE-2022-0087

keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

7.1CVSS6.2AI score0.4977EPSS

CVE•added 2022/11/03 2:15 p.m.•57 views

CVE-2022-39382

Keystone is a headless CMS for Node.js — built with GraphQL and React.@keystone-6/[email protected] || 3.0.1 users that use NODE_ENV to trigger security-sensitive functionality in their production builds are vulnerable to NODE_ENV being inlined to "development" for user code, irrespective of what your env...

9.8CVSS9.6AI score0.00595EPSS

CVE•added 2022/05/16 2:15 p.m.•51 views

CVE-2022-29354

An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file.

9.8CVSS9.4AI score0.03683EPSS

CVE•added 2022/10/25 5:15 p.m.•47 views

CVE-2022-39322

@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their multiselect fields to use the field-level access control - if configured - are vulnerable to their field-level access control ...

9.8CVSS9.6AI score0.00576EPSS