Skip to main content

Tree Kit

1 CVEs product

Monthly

CVE-2023-38894 npm CRITICAL POC PATCH Act Now

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Prototype Pollution Tree Kit
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Prototype Pollution Tree Kit
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy