Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by keyget_project
CVE-2021-23760 (GCVE-0-2021-23760)
Vulnerability from cvelistv5 – Published: 2022-01-28 21:31 – Updated: 2024-09-17 01:31
VLAI
EPSS
VEX
Title
Prototype Pollution
Summary
The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048)
Severity
5.6 (Medium)
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JS-KEYGET-2342624 | x_refsource_MISC |
Date Public
2022-01-28 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:14:08.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-KEYGET-2342624"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "P.Adithya Srinivas"
},
{
"lang": "en",
"value": "Masudul Hasan Masud Bhuiyan"
},
{
"lang": "en",
"value": "Cristian-Alexandru Staicu"
}
],
"datePublic": "2022-01-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-28T21:31:30.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-KEYGET-2342624"
}
],
"title": "Prototype Pollution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-01-28T20:00:12.773214Z",
"ID": "CVE-2021-23760",
"STATE": "PUBLIC",
"TITLE": "Prototype Pollution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "P.Adithya Srinivas"
},
{
"lang": "eng",
"value": "Masudul Hasan Masud Bhuiyan"
},
{
"lang": "eng",
"value": "Cristian-Alexandru Staicu"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-KEYGET-2342624",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-KEYGET-2342624"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2021-23760",
"datePublished": "2022-01-28T21:31:30.439Z",
"dateReserved": "2021-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:31:13.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28272 (GCVE-0-2020-28272)
Vulnerability from cvelistv5 – Published: 2020-12-02 14:32 – Updated: 2024-08-04 16:33
VLAI
EPSS
VEX
Summary
Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution.
Severity
No CVSS data available.
CWE
- Prototype Pollution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.whitesourcesoftware.com/vulnerability… | x_refsource_CONFIRM |
| https://github.com/rumkin/keyget/commit/17d15b6c7… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:58.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28272"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rumkin/keyget/commit/17d15b6c75036eb429075a8cfeccfc18094dd2e2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "keyget",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0.1, 2.0.0, 2.0.1, 2.1.0, 2.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prototype pollution vulnerability in \u0027keyget\u0027 versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Prototype Pollution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-02T14:32:00.000Z",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28272"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rumkin/keyget/commit/17d15b6c75036eb429075a8cfeccfc18094dd2e2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2020-28272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "keyget",
"version": {
"version_data": [
{
"version_value": "1.0.1, 2.0.0, 2.0.1, 2.1.0, 2.2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prototype pollution vulnerability in \u0027keyget\u0027 versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28272",
"refsource": "CONFIRM",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28272"
},
{
"name": "https://github.com/rumkin/keyget/commit/17d15b6c75036eb429075a8cfeccfc18094dd2e2",
"refsource": "MISC",
"url": "https://github.com/rumkin/keyget/commit/17d15b6c75036eb429075a8cfeccfc18094dd2e2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2020-28272",
"datePublished": "2020-12-02T14:32:00.000Z",
"dateReserved": "2020-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:33:58.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23760 (GCVE-0-2021-23760)
Vulnerability from nvd – Published: 2022-01-28 21:31 – Updated: 2024-09-17 01:31
VLAI
EPSS
VEX
Title
Prototype Pollution
Summary
The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048)
Severity
5.6 (Medium)
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JS-KEYGET-2342624 | x_refsource_MISC |
Date Public
2022-01-28 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:14:08.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-KEYGET-2342624"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "P.Adithya Srinivas"
},
{
"lang": "en",
"value": "Masudul Hasan Masud Bhuiyan"
},
{
"lang": "en",
"value": "Cristian-Alexandru Staicu"
}
],
"datePublic": "2022-01-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-28T21:31:30.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-KEYGET-2342624"
}
],
"title": "Prototype Pollution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-01-28T20:00:12.773214Z",
"ID": "CVE-2021-23760",
"STATE": "PUBLIC",
"TITLE": "Prototype Pollution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "P.Adithya Srinivas"
},
{
"lang": "eng",
"value": "Masudul Hasan Masud Bhuiyan"
},
{
"lang": "eng",
"value": "Cristian-Alexandru Staicu"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-KEYGET-2342624",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-KEYGET-2342624"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2021-23760",
"datePublished": "2022-01-28T21:31:30.439Z",
"dateReserved": "2021-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:31:13.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28272 (GCVE-0-2020-28272)
Vulnerability from nvd – Published: 2020-12-02 14:32 – Updated: 2024-08-04 16:33
VLAI
EPSS
VEX
Summary
Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution.
Severity
No CVSS data available.
CWE
- Prototype Pollution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.whitesourcesoftware.com/vulnerability… | x_refsource_CONFIRM |
| https://github.com/rumkin/keyget/commit/17d15b6c7… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:58.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28272"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rumkin/keyget/commit/17d15b6c75036eb429075a8cfeccfc18094dd2e2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "keyget",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0.1, 2.0.0, 2.0.1, 2.1.0, 2.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prototype pollution vulnerability in \u0027keyget\u0027 versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Prototype Pollution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-02T14:32:00.000Z",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28272"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rumkin/keyget/commit/17d15b6c75036eb429075a8cfeccfc18094dd2e2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"ID": "CVE-2020-28272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "keyget",
"version": {
"version_data": [
{
"version_value": "1.0.1, 2.0.0, 2.0.1, 2.1.0, 2.2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prototype pollution vulnerability in \u0027keyget\u0027 versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28272",
"refsource": "CONFIRM",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28272"
},
{
"name": "https://github.com/rumkin/keyget/commit/17d15b6c75036eb429075a8cfeccfc18094dd2e2",
"refsource": "MISC",
"url": "https://github.com/rumkin/keyget/commit/17d15b6c75036eb429075a8cfeccfc18094dd2e2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2020-28272",
"datePublished": "2020-12-02T14:32:00.000Z",
"dateReserved": "2020-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:33:58.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}