Description
A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function.
Remediation
References
http://tree-kit.com
https://github.com/cronvel/tree-kit
https://www.code-intelligence.com/blog/treekit-prototype-pollution-cve-2023-38894
Related Vulnerabilities
CVE-2021-43116 Vulnerability in maven package com.alibaba.nacos:nacos-client
CVE-2018-9207 Vulnerability in maven package org.webjars:jquery-file-upload
CVE-2023-26487 Vulnerability in maven package org.webjars.npm:vega-functions
CVE-2023-33201 Vulnerability in maven package org.bouncycastle:bcprov-jdk18on
CVE-2021-32820 Vulnerability in npm package express-handlebars