Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8
CVE-2023-37478
- EPSS 1.7%
- Veröffentlicht 01.08.2023 12:15:09
- Zuletzt bearbeitet 21.11.2024 08:11:47
pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears ...
8.8
CVE-2022-26183
- EPSS 0.64%
- Veröffentlicht 21.03.2022 22:15:07
- Zuletzt bearbeitet 21.11.2024 06:53:33
PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the appli...