Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package tree-kit, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2023-38894 — CVSS 9.8 (critical): A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend…
CVE-2021-4278 — CVSS 5.5 (medium): A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation…