Prototype Pollution in keyget package (0.0.0) via set, push, and at methods leading to DoS and potential RCE

Prototype Pollution in keyget package (0.0.0) via set, push, and at methods leading to DoS and potential RCE

CVE-2021-23760 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048)

Learn more about our Web Application Penetration Testing UK.