2 matches found
CVE-2026-9496
Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation...
PT-2026-43191
Name of the Vulnerable Software and Affected Versions pacote versions 11.2.7 and later Description A Regular Expression Denial of Service ReDoS exists in the addGitSha function. An attacker can cause excessive CPU consumption, potentially stalling or crashing the process, by providing a specially...