exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2025-69262

3 месяца назад

pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code Execution (RCE) in build environments. This issue is fixed in version 10.27.0.

CVSS3: 7.5

EPSS: Низкий

CVE-2025-69262

3 месяца назад

pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code Execution (RCE) in build environments. This issue is fixed in version 10.27.0.

CVSS3: 7.5

EPSS: Низкий

CVE-2025-69262

3 месяца назад

pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Comm ...

CVSS3: 7.5

EPSS: Низкий

GHSA-2phv-j68v-wwqx

3 месяца назад

pnpm vulnerable to Command Injection via environment variable substitution

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2025-69262 pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code Execution (RCE) in build environments. This issue is fixed in version 10.27.0.	CVSS3: 7.5	0% Низкий	3 месяца назад
CVE-2025-69262 pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code Execution (RCE) in build environments. This issue is fixed in version 10.27.0.	CVSS3: 7.5	0% Низкий	3 месяца назад
CVE-2025-69262 pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Comm ...	CVSS3: 7.5	0% Низкий	3 месяца назад
GHSA-2phv-j68v-wwqx pnpm vulnerable to Command Injection via environment variable substitution	CVSS3: 7.5	0% Низкий	3 месяца назад

Уязвимостей на страницу