@keystone-6/core Security Advisories - Npm

@keystone-6/core

Keystone-6 is the latest version of Keystone. To get help with this package join the conversation in [Slack](https://community.keystonejs.com/), or [Github](https://github.com/keystonejs/keystone/).

View on github.com · View on npmjs.org

Security Advisories for @keystone-6/core in npm

Low

6 months ago

Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields GSA_kwCzR0hTQS1oZzltLTY3bW0tN3BnM84ABHej

npm @keystone-6/core

Moderate

about 2 years ago

When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible GSA_kwCzR0hTQS05Y3ZjLXY3d20tOTkyY84AA1Uh

npm @keystone-6/core

Low

over 2 years ago

@keystone-6/core's bundled cuid package known to be insecure GSA_kwCzR0hTQS01ZnA2LTR4dzMteHFxM84AAzyU

npm @keystone-6/core

Critical

about 3 years ago

@keystone-6/core's NODE_ENV defaults to development with esbuild GSA_kwCzR0hTQS0yNW14LTJteG0tNjM0M84AAvsH

npm @keystone-6/core

Critical

about 3 years ago

Field-level access-control bypass for multiselect field GSA_kwCzR0hTQS02bWhyLTUybXYtNnY2Zs4AAvaQ

npm @keystone-6/core

Filter by Severity

Low 2 Critical 2 Moderate 1

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

@keystone-6/core

Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields GSA_kwCzR0hTQS1oZzltLTY3bW0tN3BnM84ABHej

When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible GSA_kwCzR0hTQS05Y3ZjLXY3d20tOTkyY84AA1Uh

@keystone-6/core's bundled cuid package known to be insecure GSA_kwCzR0hTQS01ZnA2LTR4dzMteHFxM84AAzyU

@keystone-6/core's NODE_ENV defaults to development with esbuild GSA_kwCzR0hTQS0yNW14LTJteG0tNjM0M84AAvsH

Field-level access-control bypass for multiselect field GSA_kwCzR0hTQS02bWhyLTUybXYtNnY2Zs4AAvaQ

Filter by Severity