exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2024-47829

9 месяцев назад

pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name /node_modoules/, there are no version numbers for the libraries they refer to. This issue has been patched in version 10.0.0.

CVSS3: 6.5

EPSS: Низкий

CVE-2024-47829

9 месяцев назад

pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name /node_modoules/, there are no version numbers for the libraries they refer to. This issue has been patched in version 10.0.0.

CVSS3: 6.5

EPSS: Низкий

CVE-2024-47829

9 месяцев назад

pnpm is a package manager. Prior to version 10.0.0, the path shortenin ...

CVSS3: 6.5

EPSS: Низкий

GHSA-8cc4-rfj6-fhg4

9 месяцев назад

pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting

CVSS3: 6.5

EPSS: Низкий

BDU:2025-06425

9 месяцев назад

Уязвимость функции md5 менеджера пакетов pnpm, позволяющая нарушителю оказать воздействие на целостность данных

CVSS3: 6.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2024-47829 pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name /node_modoules/, there are no version numbers for the libraries they refer to. This issue has been patched in version 10.0.0.	CVSS3: 6.5	0% Низкий	9 месяцев назад
CVE-2024-47829 pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name /node_modoules/, there are no version numbers for the libraries they refer to. This issue has been patched in version 10.0.0.	CVSS3: 6.5	0% Низкий	9 месяцев назад
CVE-2024-47829 pnpm is a package manager. Prior to version 10.0.0, the path shortenin ...	CVSS3: 6.5	0% Низкий	9 месяцев назад
GHSA-8cc4-rfj6-fhg4 pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting	CVSS3: 6.5	0% Низкий	9 месяцев назад
BDU:2025-06425 Уязвимость функции md5 менеджера пакетов pnpm, позволяющая нарушителю оказать воздействие на целостность данных	CVSS3: 6.5	0% Низкий	9 месяцев назад

Уязвимостей на страницу