tree-kit
npm2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting tree-kitpage 1 of 1
- CVE-2021-4278MEDIUMCVSS 5.5EG 5.5✓ Fixed in 0.7.02022-12-25
A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). Up…
- CVE-2023-38894CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.7.52023-08-16
A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function.
Check whether tree-kit is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for tree-kit CVEs against the assets you own.
Start Free Scan →