Lucene search
K

14 matches found

SUSE CVE
SUSE CVE
added 2026/01/09 12:44 a.m.5 views

SUSE CVE-2023-37478

pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears safe on the npm registry or when installed via...

9.8CVSS6.9AI score0.00941EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2023/08/01 5:0 p.m.5 views

@emberai/agent-node (>=1.1.0 <=1.2.0), @pnpm/beta (>=0.0.2-6.13.0 <=0.0.6-6.17.0) +1 more potentially affected by CVE-2023-37478 via @pnpm/macos-arm64 (>=0.0.2-6.13.0 <=7.33.3)

@pnpm/macos-arm64 NPM version =0.0.2-6.13.0, =1.1.0, =0.0.2-6.13.0, =6.17.1, =11.5.3 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

9.8CVSS7.2AI score0.00941EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/08/01 5:0 p.m.6 views

@pnpm/exe (>=8.0.0 <=8.15.9) potentially affected by CVE-2023-37478 via @pnpm/macos-x64 (>=8.0.0 <=8.6.7)

@pnpm/macos-x64 NPM version =8.0.0, =8.0.0, =8.15.9 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

9.8CVSS7.2AI score0.00941EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/08/01 5:0 p.m.4 views

@emberai/agent-node (>=1.1.0 <=1.2.0), @pnpm/beta (=0.0.6-6.17.0) +1 more potentially affected by CVE-2023-37478 via @pnpm/linux-arm64 (>=0.0.6-6.17.0 <=7.33.3)

@pnpm/linux-arm64 NPM version =0.0.6-6.17.0, =1.1.0, =6.17.1, =11.5.3 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

9.8CVSS7.2AI score0.00941EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/08/01 5:0 p.m.7 views

@pnpm/exe (>=8.0.0 <=8.15.9) potentially affected by CVE-2023-37478 via @pnpm/linux-x64 (>=8.0.0 <=8.6.7)

@pnpm/linux-x64 NPM version =8.0.0, =8.0.0, =8.15.9 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

9.8CVSS7.2AI score0.00941EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/08/01 5:0 p.m.7 views

@pnpm/exe (>=8.0.0 <=8.15.9) potentially affected by CVE-2023-37478 via @pnpm/macos-arm64 (>=8.0.0 <=8.6.7)

@pnpm/macos-arm64 NPM version =8.0.0, =8.0.0, =8.15.9 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

9.8CVSS7.2AI score0.00941EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/08/01 5:0 p.m.5 views

@pnpm/exe (>=8.0.0 <=8.15.9) potentially affected by CVE-2023-37478 via @pnpm/win-x64 (>=8.0.0 <=8.6.7)

@pnpm/win-x64 NPM version =8.0.0, =8.0.0, =8.15.9 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

9.8CVSS7.2AI score0.00941EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/08/01 5:0 p.m.6 views

@pnpm/exe (>=8.0.0 <=8.15.9) potentially affected by CVE-2023-37478 via @pnpm/linux-arm64 (>=8.0.0 <=8.6.7)

@pnpm/linux-arm64 NPM version =8.0.0, =8.0.0, =8.15.9 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

9.8CVSS7.2AI score0.00941EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/08/01 5:0 p.m.7 views

@deanc/kysely-schema-generator (>=0.0.1 <=0.1.2), @donny94/utils-calendar (>=1.0.0 <=5.0.0) +89 more potentially affected by CVE-2023-37478 via pnpm (>=8.10.2 <=8.15.9)

pnpm NPM version =8.10.2, =0.0.1, =1.0.0, =0.0.5, =0.0.1-beta.17, =0.1.0, =0.1.11 and more Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

9.8CVSS7.2AI score0.00941EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/08/01 5:0 p.m.6 views

@emberai/agent-node (>=1.1.0 <=1.2.0), @pnpm/beta (>=0.0.1-6 <=0.0.6-6.17.0) +1 more potentially affected by CVE-2023-37478 via @pnpm/macos-x64 (>=0.0.1-0 <=7.33.3)

@pnpm/macos-x64 NPM version =0.0.1-0, =1.1.0, =0.0.1-6, =6.17.1, =11.0.4 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

9.8CVSS7.2AI score0.00941EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/08/01 5:0 p.m.14 views

@emberai/agent-node (>=1.1.0 <=1.2.0), @pnpm/beta (>=0.0.0 <=0.0.6-6.17.0) +1 more potentially affected by CVE-2023-37478 via @pnpm/win-x64 (>=0.0.0 <=7.33.3)

@pnpm/win-x64 NPM version =0.0.0, =1.1.0, =0.0.0, =6.17.1, =11.5.3 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

9.8CVSS7.2AI score0.00941EPSS
Exploits1
CVE
CVE
added 2023/08/01 11:43 a.m.74 views

CVE-2023-37478

CVE-2023-37478 affects pnpm, where tarball parsing can cause a malicious package to be installed via pnpm even if it appears safe on npm or the registry. The issue stems from how pnpm parses tar archives and can lead to replacement of a safe package with a malicious one during installation. The v...

9.8CVSS8.5AI score0.00941EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/01 11:43 a.m.14 views

CVE-2023-37478 pnpm incorrectly parses tar archives relative to specification

pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears safe on the npm registry or when installed via...

7.5CVSS9.4AI score0.00941EPSS
Exploits1References3
Circl
Circl
added 2023/08/01 9:12 a.m.8 views

CVE-2023-37478

creationtimestamp| type| source ---|---|--- 2023-08-01 09:12:44+00:00| published-proof-of-concept| https://github.com/pnpm/pnpm/security/advisories/GHSA-5r98-f33j-g8h7 2023-08-01 16:38:23+00:00| seen| https://t.me/cibsecurity/67502 2023-10-25 22:39:55+00:00| published-proof-of-concept|...

9.8CVSS7.3AI score0.00941EPSS
Exploits1References3
Rows per page
Query Builder