Vulnerabilities > CVE-2020-28272 - Unspecified vulnerability in Keyget Project Keyget

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

keyget-project

NVD

Published: 2020-12-02

Updated: 2020-12-07

Summary

Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution.

Vulnerable Configurations

Part	Description	Count
Application	Keyget_Project Keyget Project Keyget 1.0.1 Keyget Project Keyget 2.0.0 Keyget Project Keyget 2.0.1 Keyget Project Keyget 2.1.0 Keyget Project Keyget 2.2.0	5

References

https://github.com/rumkin/keyget/commit/17d15b6c75036eb429075a8cfeccfc18094dd2e2
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28272