CVE-2022-26183

Опубликовано: 21 мар. 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS.

Ссылки

https://github.com/pnpm/pnpm/commit/04b7f60861ddee8331e50d70e193d1e701abeefb
Patch
https://github.com/pnpm/pnpm/releases/tag/v6.15.1
Release Notes
https://www.sonarsource.com/blog/securing-developer-tools-package-managers/
Exploit
Third Party Advisory
https://github.com/pnpm/pnpm/commit/04b7f60861ddee8331e50d70e193d1e701abeefb
Patch
https://github.com/pnpm/pnpm/releases/tag/v6.15.1
Release Notes
https://www.sonarsource.com/blog/securing-developer-tools-package-managers/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:pnpm:pnpm:*:*:*:*:*:node.js:*:*

Версия до 6.15.1 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00642

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-426

Связанные уязвимости

CVE-2022-26183

CVSS3: 8.8

debian

почти 4 года назад

PNPM v6.15.1 and below was discovered to contain an untrusted search p ...

GHSA-9m87-6fj3-c5xh

CVSS3: 8.8

github

почти 4 года назад

Untrusted Search Path in PNPM

EPSS

Процентиль: 70%

0.00642

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-426