CVE-2021-23760: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

January 28, 2022 (updated February 4, 2022)

The package keyget from is vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution.

References

nvd.nist.gov/vuln/detail/CVE-2021-23760
snyk.io/vuln/SNYK-JS-KEYGET-2342624

Detect and mitigate CVE-2021-23760 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →