keyget@2.0.1 vulnerabilities

Is nested object manipulation kit. It can find, get, set, push or call nested properties.

  • latest version

    2.4.0

  • first published

    8 years ago

  • latest version published

    2 years ago

  • deprecated

    Package is deprecated

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the keyget package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Prototype Pollution

    keyget is an Is nested object manipulation kit. It can find, get, set, push or call nested properties. Note: The package is deprecated due to prototype pollution vulnerability.

    Affected versions of this package are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution.

    Note: This vulnerability derives from an incomplete fix to CVE-2020-28272

    How to fix Prototype Pollution?

    There is no fixed version for keyget.

    >=0.0.0
    • M
    Prototype Pollution

    keyget is an Is nested object manipulation kit. It can find, get, set, push or call nested properties. Note: The package is deprecated due to prototype pollution vulnerability.

    Affected versions of this package are vulnerable to Prototype Pollution. A Prototype pollution vulnerability exists in methods set, push and at which could allow a attacker to cause a denial of service and may lead to remote code execution.

    How to fix Prototype Pollution?

    Upgrade keyget to version 2.3.0 or higher.

    <2.3.0