keyget@2.4.0 vulnerabilities

Is nested object manipulation kit. It can find, get, set, push or call nested properties.

latest version

2.4.0

first published

8 years ago

latest version published

2 years ago

deprecated

Package is deprecated

licenses detected

MIT
>=0

View keyget package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the keyget package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Prototype Pollution keyget is an Is nested object manipulation kit. It can find, get, set, push or call nested properties. Note: The package is deprecated due to prototype pollution vulnerability. Affected versions of this package are vulnerable to Prototype Pollution via the methods `set`, `push`, and `at` which could allow an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix to CVE-2020-28272 How to fix Prototype Pollution? There is no fixed version for `keyget`.	>=0.0.0

Prototype Pollution

keyget is an Is nested object manipulation kit. It can find, get, set, push or call nested properties. Note: The package is deprecated due to prototype pollution vulnerability.

Affected versions of this package are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution.

Note: This vulnerability derives from an incomplete fix to CVE-2020-28272

How to fix Prototype Pollution?

There is no fixed version for keyget.

>=0.0.0

Go back to all versions of this package