Unknown · @Keystone-6/Core · CVE-2022-39382
**Name of the Vulnerable Software and Affected Versions**
@keystone-6/core versions 3.0.0 through 3.0.1
**Description**
The issue arises when `NODE_ENV` is inlined to "development" for user code, regardless of the environment variables. This affects users who use `NODE_ENV` to trigger security-sensitive functionality in their production builds. The application's dependencies, found in `node_modules`, are typically not compiled and should be unaffected. The vulnerability has been fixed in @keystone-6/core@3.0.2.
**Recommendations**
For @keystone-6/core versions 3.0.0 through 3.0.1, update to @keystone-6/core@3.0.2 to resolve the issue.
As a temporary workaround, consider removing any code that uses `NODE_ENV` in a way that may reasonably impact application security.
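
One way to check a project against both recommendations, as an added example that is not part of the advisory or of Keystone's own code. It assumes an npm `package-lock.json`; the function names and sample inputs are hypothetical and constructed for illustration.

```javascript
// Added example for CVE-2022-39382; not code from the Keystone project.
const PKG = "@keystone-6/core";
const AFFECTED = new Set(["3.0.0", "3.0.1"]); // affected versions per the advisory

// Resolved versions of PKG in a parsed package-lock.json: lockfileVersion 2/3
// uses the "packages" map, version 1 uses nested "dependencies".
function findKeystoneVersions(lock) {
  const found = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`)) {
      found.push({ path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === PKG) found.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return found.map((f) => ({ ...f, affected: AFFECTED.has(f.version) }));
}

// Lines of user source that read NODE_ENV, listed for manual review under the
// workaround. Covers process.env.NODE_ENV and process.env["NODE_ENV"].
const NODE_ENV_READ = /process\.env(?:\.NODE_ENV\b|\[\s*["']NODE_ENV["']\s*\])/;
function findNodeEnvReads(source) {
  return source
    .split(/\r?\n/)
    .map((text, i) => ({ line: i + 1, text: text.trim() }))
    .filter(({ text }) => NODE_ENV_READ.test(text));
}

// Constructed sample inputs (not taken from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/@keystone-6/core": { version: "3.0.1" },
    "node_modules/example-dep": { version: "1.2.3" },
  },
};
const sampleSource = [
  'const isProd = process.env.NODE_ENV === "production";',
  "const cookieOptions = { secure: isProd };",
].join("\n");

console.log(findKeystoneVersions(sampleLock));
console.log(findNodeEnvReads(sampleSource));
```

Run the source scan over application code only; the advisory states that dependencies under `node_modules` are typically not compiled.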