GHSA-9m87-6fj3-c5xh

Опубликовано: 23 мар. 2022

Источник: github

Github: Прошло ревью

CVSS3: 8.8

Описание

Untrusted Search Path in PNPM

PNPM prior to v6.15.1 was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS.

Ссылки

Пакеты

Наименование

pnpm

npm

Затронутые версииВерсия исправления

< 6.15.1

6.15.1

EPSS

Процентиль: 70%

0.00642

Низкий

8.8 High

CVSS3

CVE ID

CVE-2022-26183

Дефекты

CWE-426

Связанные уязвимости

CVE-2022-26183

CVSS3: 8.8

nvd

почти 4 года назад

PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS.

CVE-2022-26183

CVSS3: 8.8

debian

почти 4 года назад

PNPM v6.15.1 and below was discovered to contain an untrusted search p ...

EPSS

Процентиль: 70%

0.00642

Низкий

8.8 High

CVSS3

CVE ID

CVE-2022-26183

Дефекты

CWE-426