Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by tree_kit_project
CVE-2023-38894 (GCVE-0-2023-38894)
Vulnerability from nvd – Published: 2023-08-16 00:00 – Updated: 2024-10-08 19:24
VLAI
Summary
A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://tree-kit.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cronvel/tree-kit"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.code-intelligence.com/blog/treekit-prototype-pollution-cve-2023-38894"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38894",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T19:24:37.806702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T19:24:49.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T21:05:05.446Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://tree-kit.com"
},
{
"url": "https://github.com/cronvel/tree-kit"
},
{
"url": "https://www.code-intelligence.com/blog/treekit-prototype-pollution-cve-2023-38894"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38894",
"datePublished": "2023-08-16T00:00:00.000Z",
"dateReserved": "2023-07-25T00:00:00.000Z",
"dateUpdated": "2024-10-08T19:24:49.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4278 (GCVE-0-2021-4278)
Vulnerability from nvd – Published: 2022-12-25 15:53 – Updated: 2024-08-03 17:23
VLAI
Title
cronvel tree-kit prototype pollution
Summary
A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). Upgrading to version 0.7.0 is able to address this issue. The name of the patch is a63f559c50d70e8cb2eaae670dec25d1dbc4afcd. It is recommended to upgrade the affected component. The identifier VDB-216765 was assigned to this vulnerability.
Severity
5.5 (Medium)
5.5 (Medium)
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.216765 | vdb-entry |
| https://vuldb.com/?ctiid.216765 | signaturepermissions-required |
| https://github.com/cronvel/tree-kit/commit/a63f55… | patch |
| https://github.com/cronvel/tree-kit/releases/tag/v0.7.0 | patch |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:23:09.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.216765"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.216765"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/cronvel/tree-kit/commit/a63f559c50d70e8cb2eaae670dec25d1dbc4afcd"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/cronvel/tree-kit/releases/tag/v0.7.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tree-kit",
"vendor": "cronvel",
"versions": [
{
"status": "affected",
"version": "0.1"
},
{
"status": "affected",
"version": "0.2"
},
{
"status": "affected",
"version": "0.3"
},
{
"status": "affected",
"version": "0.4"
},
{
"status": "affected",
"version": "0.5"
},
{
"status": "affected",
"version": "0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype attributes (\u0027prototype pollution\u0027). Upgrading to version 0.7.0 is able to address this issue. The name of the patch is a63f559c50d70e8cb2eaae670dec25d1dbc4afcd. It is recommended to upgrade the affected component. The identifier VDB-216765 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in cronvel tree-kit bis 0.6.x entdeckt. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion. Durch Beeinflussen mit unbekannten Daten kann eine improperly controlled modification of object prototype attributes (\u0027prototype pollution\u0027)-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.7.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als a63f559c50d70e8cb2eaae670dec25d1dbc4afcd bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-25T15:53:03.430Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.216765"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.216765"
},
{
"tags": [
"patch"
],
"url": "https://github.com/cronvel/tree-kit/commit/a63f559c50d70e8cb2eaae670dec25d1dbc4afcd"
},
{
"tags": [
"patch"
],
"url": "https://github.com/cronvel/tree-kit/releases/tag/v0.7.0"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-12-25T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2022-12-25T16:57:50.000Z",
"value": "VulDB last update"
}
],
"title": "cronvel tree-kit prototype pollution"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2021-4278",
"datePublished": "2022-12-25T15:53:03.430Z",
"dateReserved": "2022-12-25T15:52:09.943Z",
"dateUpdated": "2024-08-03T17:23:09.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38894 (GCVE-0-2023-38894)
Vulnerability from cvelistv5 – Published: 2023-08-16 00:00 – Updated: 2024-10-08 19:24
VLAI
Summary
A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://tree-kit.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cronvel/tree-kit"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.code-intelligence.com/blog/treekit-prototype-pollution-cve-2023-38894"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38894",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T19:24:37.806702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T19:24:49.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T21:05:05.446Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://tree-kit.com"
},
{
"url": "https://github.com/cronvel/tree-kit"
},
{
"url": "https://www.code-intelligence.com/blog/treekit-prototype-pollution-cve-2023-38894"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38894",
"datePublished": "2023-08-16T00:00:00.000Z",
"dateReserved": "2023-07-25T00:00:00.000Z",
"dateUpdated": "2024-10-08T19:24:49.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4278 (GCVE-0-2021-4278)
Vulnerability from cvelistv5 – Published: 2022-12-25 15:53 – Updated: 2024-08-03 17:23
VLAI
Title
cronvel tree-kit prototype pollution
Summary
A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). Upgrading to version 0.7.0 is able to address this issue. The name of the patch is a63f559c50d70e8cb2eaae670dec25d1dbc4afcd. It is recommended to upgrade the affected component. The identifier VDB-216765 was assigned to this vulnerability.
Severity
5.5 (Medium)
5.5 (Medium)
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.216765 | vdb-entry |
| https://vuldb.com/?ctiid.216765 | signaturepermissions-required |
| https://github.com/cronvel/tree-kit/commit/a63f55… | patch |
| https://github.com/cronvel/tree-kit/releases/tag/v0.7.0 | patch |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:23:09.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.216765"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.216765"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/cronvel/tree-kit/commit/a63f559c50d70e8cb2eaae670dec25d1dbc4afcd"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/cronvel/tree-kit/releases/tag/v0.7.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tree-kit",
"vendor": "cronvel",
"versions": [
{
"status": "affected",
"version": "0.1"
},
{
"status": "affected",
"version": "0.2"
},
{
"status": "affected",
"version": "0.3"
},
{
"status": "affected",
"version": "0.4"
},
{
"status": "affected",
"version": "0.5"
},
{
"status": "affected",
"version": "0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype attributes (\u0027prototype pollution\u0027). Upgrading to version 0.7.0 is able to address this issue. The name of the patch is a63f559c50d70e8cb2eaae670dec25d1dbc4afcd. It is recommended to upgrade the affected component. The identifier VDB-216765 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in cronvel tree-kit bis 0.6.x entdeckt. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion. Durch Beeinflussen mit unbekannten Daten kann eine improperly controlled modification of object prototype attributes (\u0027prototype pollution\u0027)-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.7.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als a63f559c50d70e8cb2eaae670dec25d1dbc4afcd bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-25T15:53:03.430Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.216765"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.216765"
},
{
"tags": [
"patch"
],
"url": "https://github.com/cronvel/tree-kit/commit/a63f559c50d70e8cb2eaae670dec25d1dbc4afcd"
},
{
"tags": [
"patch"
],
"url": "https://github.com/cronvel/tree-kit/releases/tag/v0.7.0"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-12-25T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2022-12-25T16:57:50.000Z",
"value": "VulDB last update"
}
],
"title": "cronvel tree-kit prototype pollution"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2021-4278",
"datePublished": "2022-12-25T15:53:03.430Z",
"dateReserved": "2022-12-25T15:52:09.943Z",
"dateUpdated": "2024-08-03T17:23:09.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}