cvebase

Keystonejs Keystone vulnerabilities

15 known vulnerabilities affecting keystonejs/keystone.

Total CVEs: 15
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 4, MEDIUM 8

Vulnerabilities

CVE-2017-15879 | P3 | HIGH | CVSS 8.8 | PoC | ≤ 4.0.0 | 2017-10-24
CWE-20: CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export.
nvd
CVE-2017-15878 | P3 | MEDIUM | CVSS 6.1 | PoC | fixed in 4.0.0 | 2017-10-24
CWE-79: A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature.
nvd
CVE-2022-29354 | P3 | CRITICAL | CVSS 9.8 | v4.2.1 | 2022-05-16
CWE-434: An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file.
nvd
CVE-2022-0087 | P3 | MEDIUM | CVSS 6.1 | PoC | fixed in 1.0.2 | 2022-01-12
CWE-79: keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
nvd
CVE-2022-39382 | P3 | CRITICAL | CVSS 9.8 | v3.0.0, v3.0.1, +1 more | 2022-11-03
CWE-74: Keystone is a headless CMS for Node.js — built with GraphQL and React. `@keystone-6/[email protected] || 3.0.1` users that use `NODE_ENV` to trigger security-sensitive functionality in their production builds are vulnerable to `NODE_ENV` being inlined to `"development"` for user code, irrespective of what your environment variables. If you do not use `NODE
nvd
CVE-2022-39322 | P3 | CRITICAL | CVSS 9.8 | ≥ 2.2.0, < 2.3.1 | 2022-10-25
CWE-285: @keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their `multiselect` fields to use the field-level access control - if configured - are vulnerable to their field-level access control not being used. List-level access control is not
nvd
CVE-2017-16570 | P3 | HIGH | CVSS 8.8 | fixed in 4.0.0 | 2017-11-06
CWE-352: KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header.
nvd
CVE-2015-9240 | P3 | HIGH | CVSS 7.5 | fixed in 0.3.16 | 2018-05-29
CWE-255: Due to a bug in the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in.
nvd
CVE-2021-32624 | P4 | HIGH | ≥ 0, ≤ 19.3.2 | 2021-05-27
CWE-200: Private Field data leak. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an access control related oracle attack in that the attack method guides an attacker during their attempt to reveal information they do not have access to. The complexity of completing the attack is limited by some l
ghsa, osv
CVE-2023-40027 | P4 | MEDIUM | CVSS 5.3 | fixed in 5.5.1 | 2023-08-15
CWE-862: Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When `ui.isAccessAllowed` is set as `undefined`, the `adminMeta` GraphQL query is publicly accessible (no session required). This is different to the behaviour of the default AdminUI middleware, which by default will only be publicly accessible (no session required)
nvd
CVE-2026-10802 | P4 | MEDIUM | CVSS 4.3 | v20260319 | 2026-06-04
CWE-400: A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attack remotely. The exploit is now public and may be used.
nvd
CVE-2026-33326 | P4 | MEDIUM | CVSS 4.3 | fixed in 6.5.2 | 2026-03-24
Keystone is a content management system for Node.js. Prior to version 6.5.2, {field}.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 (field-level isFilterable bypass for update and delete mutations) added checks to
nvd
CVE-2025-46720 | P4 | MEDIUM | CVSS 4.3 | fixed in 6.5.0, fixed in 6.5.2 | 2025-05-05
CWE-200: Keystone is a content management system for Node.js. Prior to version 6.5.0, `{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields. Specifically, when a mutation includes a `wher
nvd
CVE-2017-15881 | P4 | MEDIUM | CVSS 4.8 | ≤ 0.3.22, v4.0.0 | 2017-10-24
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878.
nvd
CVE-2023-34247 | P4 | MEDIUM | CVSS 4.1 | ≤ 7.0.0 | 2023-06-13
CWE-601: Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location. To mitig
nvd