CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048)

*   **Attack Complexity**
    
    High
    

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

*   **snyk-id**
    
    SNYK-JS-KEYGET-2342624
    
*   **published**
    
    25 Jan 2022
    
*   **disclosed**
    
    18 Jan 2022
    
*   **credit**
    
    P.Adithya Srinivas, Masudul Hasan Masud Bhuiyan, Cristian-Alexandru Staicu
    

**How to fix?**

**Overview**

**PoC:**

**Details**

**Types of attacks**

**Affected environments**

**How to prevent**

Headline

CVE-2021-23760: Prototype Pollution in keyget | CVE-2021-23760 | Snyk

CVE: Latest News