keyget@2.3.0-rc.3 vulnerabilities

A nested object manipulation kit. It can find, get, set, push or call nested properties.

Direct Vulnerabilities

Known vulnerabilities in the keyget package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Prototype Pollution

keyget is a nested object manipulation kit. It can find, get, set, push or call nested properties. Note: The package is deprecated due to a prototype pollution vulnerability.

Affected versions of this package are vulnerable to Prototype Pollution via the methods set, push, and at, which could allow an attacker to cause a denial of service and may lead to remote code execution.

Note: This vulnerability derives from an incomplete fix to CVE-2020-28272.

How to fix Prototype Pollution?

There is no fixed version for keyget.

Vulnerable versions: >=0.0.0
  • M
Prototype Pollution

keyget is a nested object manipulation kit. It can find, get, set, push or call nested properties. Note: The package is deprecated due to a prototype pollution vulnerability.

Affected versions of this package are vulnerable to Prototype Pollution. A prototype pollution vulnerability exists in the methods set, push and at, which could allow an attacker to cause a denial of service and may lead to remote code execution.

How to fix Prototype Pollution?

Upgrade keyget to version 2.3.0 or higher.

Vulnerable versions: <2.3.0