exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2026-23890

2 месяца назад

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of `node_modules/.bin`. Bin names starting with `@` bypass validation, and after scope normalization, path traversal sequences like `../../` remain intact. This issue affects all pnpm users who install npm packages and CI/CD pipelines using pnpm. It can lead to overwriting config files, scripts, or other sensitive files. Version 10.28.1 contains a patch.

CVSS3: 6.5

EPSS: Низкий

CVE-2026-23890

2 месяца назад

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of `node_modules/.bin`. Bin names starting with `@` bypass validation, and after scope normalization, path traversal sequences like `../../` remain intact. This issue affects all pnpm users who install npm packages and CI/CD pipelines using pnpm. It can lead to overwriting config files, scripts, or other sensitive files. Version 10.28.1 contains a patch.

CVSS3: 6.5

EPSS: Низкий

CVE-2026-23890

2 месяца назад

pnpm is a package manager. Prior to version 10.28.1, a path traversal ...

CVSS3: 6.5

EPSS: Низкий

GHSA-xpqm-wm3m-f34h

2 месяца назад

pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin

CVSS3: 6.5

EPSS: Низкий

BDU:2026-00958

2 месяца назад

Уязвимость менеджера пакетов pnpm, связанная с неверным ограничением имени пути к каталогу, позволяющая нарушителю записывать произвольные файлы

CVSS3: 6.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2026-23890 pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of `node_modules/.bin`. Bin names starting with `@` bypass validation, and after scope normalization, path traversal sequences like `../../` remain intact. This issue affects all pnpm users who install npm packages and CI/CD pipelines using pnpm. It can lead to overwriting config files, scripts, or other sensitive files. Version 10.28.1 contains a patch.	CVSS3: 6.5	0% Низкий	2 месяца назад
CVE-2026-23890 pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of `node_modules/.bin`. Bin names starting with `@` bypass validation, and after scope normalization, path traversal sequences like `../../` remain intact. This issue affects all pnpm users who install npm packages and CI/CD pipelines using pnpm. It can lead to overwriting config files, scripts, or other sensitive files. Version 10.28.1 contains a patch.	CVSS3: 6.5	0% Низкий	2 месяца назад
CVE-2026-23890 pnpm is a package manager. Prior to version 10.28.1, a path traversal ...	CVSS3: 6.5	0% Низкий	2 месяца назад
GHSA-xpqm-wm3m-f34h pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin	CVSS3: 6.5	0% Низкий	2 месяца назад
BDU:2026-00958 Уязвимость менеджера пакетов pnpm, связанная с неверным ограничением имени пути к каталогу, позволяющая нарушителю записывать произвольные файлы	CVSS3: 6.5	0% Низкий	2 месяца назад

Уязвимостей на страницу