Lucene search
K

6 matches found

CVE
CVE
added 2026/06/25 4:44 p.m.19 views

CVE-2026-55699

CVE-2026-55699 affects pnpm. Prior to versions 10.34.2 and 11.5.3, manifest bin object keys such as "", ".", and ".." could bypass the bin-name guard. In a scenario where a malicious global package is installed, downstream global remove/update/add-replacement flows could re-derive those names and...

6.5CVSS5.9AI score0.00286EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52524

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.2 pnpm versions prior to 11.5.3 Description Manifest bin object keys such as "", ".", and ".." bypass the bin-name guard. If a malicious package is installed globally, subsequent global remove, update, or...

6.5CVSS5.8AI score0.00286EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-10773

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted bin keys...

7.8CVSS7.2AI score0.01505EPSS
Exploits1References2
OSV
OSV
added 2019/12/16 8:15 p.m.1 views

DEBIAN-CVE-2019-10773

In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set...

7.8CVSS7.8AI score0.01505EPSS
Exploits1References1
OSV
OSV
added 2019/12/16 8:15 p.m.3 views

UBUNTU-CVE-2019-10773

In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set...

7.8CVSS7.2AI score0.01505EPSS
Exploits1References7
Cvelist
Cvelist
added 2019/12/16 7:31 p.m.24 views

CVE-2019-10773

In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set...

7.6AI score0.01505EPSS
Exploits1References7
Rows per page
Query Builder