Description
In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matching name (for file, link, git, or github).
EPSS
Percentile: 0%
0.00003
Low
5.9 Medium
CVSS3
Weaknesses
CWE-348
Related vulnerabilities
CVSS3: 5.9
debian
11 days ago
In Bun before 1.3.5, the default trusted dependencies list (aka trust ...
CVSS3: 5.9
github
10 days ago
In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matching name (for file, link, git, or github).