CVE-2022-39322 @keystone-6/core is a core package for Keystone 6, a content management system for Node.js
* For example, the following code would result in the vulnerability above. ```js App.User.create({ name: `John Doe` }, { multi: true }). Then, after upgrading to version 2.3.1, create a new user with the `multiselect` field as `John Doe, Mary Smith` will result in the vulnerability above. ```js App.User.create({ name: `John Doe, Mary Smith` }).
If you use another field besides `multiselect` for your fields other than `multiselect`, you are protected against this issue. If you use `multiselect` for fields other than `multiselect`, you are vulnerable to this issue. On upgrade, you may want to review the fields you are using and make sure they are not used for fields other than `multiselect`. - CVE-2018-7548 - A potential issue was found with the `multiselect` field. If you use the `multiselect` field for fields other than `multiselect`, you are vulnerable to this issue. - CVE-2018-7549 - An issue was found with the `multiselect` field. If you use the `multiselect` field for fields other than `multiselect`, you are vulnerable to this issue. - CVE-2018-7550 - An issue was found with the `multiselect` field. If you use the `mult
Version Information
There are four updates deployed to address these vulnerabilities. The following table displays the four updates and the affected versions:
The update deploys on October 18, 2018.
Timeline
Published on: 10/25/2022 17:15:00 UTC
Last modified on: 10/28/2022 19:27:00 UTC