Lucene search
+L

10 matches found

susecve
susecve
added 2026/01/28 12:24 a.m.6 views

SUSE CVE-2026-23890

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of nodemodules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal...

6.5CVSS5.9AI score0.00438EPSS
Exploits1References3
nvd
nvd
added 2026/01/26 10:15 p.m.6 views

CVE-2026-23890

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of nodemodules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal...

6.5CVSS0.00438EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/01/26 9:53 p.m.3 views

CVE-2026-23890

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of nodemodules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal...

6.5CVSS5.9AI score0.00438EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2026/01/26 9:53 p.m.23 views

CVE-2026-23890 pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of nodemodules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal...

6.5CVSS0.00438EPSS
Exploits1References3
cve
cve
added 2026/01/26 9:53 p.m.21 views

CVE-2026-23890

CVE-2026-23890 affects pnpm, a package manager. A path traversal vulnerability exists in pnpm’s bin linking prior to version 10.28.1, where bin names starting with @ bypass validation and, after scope normalization, path traversal sequences like ../../ remain intact. This enables a malicious npm ...

6.5CVSS5.9AI score0.00438EPSS
Exploits1References3Affected Software1
vulnrichment
vulnrichment
added 2026/01/26 9:53 p.m.1 views

CVE-2026-23890 pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of nodemodules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal...

6.5CVSS5.9AI score0.00438EPSS
Exploits1References3
euvd
euvd
added 2026/01/26 9:53 p.m.6 views

EUVD-2026-4656

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of nodemodules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal...

6.5CVSS5.9AI score0.00438EPSS
Exploits1References3
github
github
added 2026/01/26 9:2 p.m.9 views

pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin

Summary A path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of nodemodules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal sequences like ../../ remain intact. Details Th...

6.5CVSS5.9AI score0.00438EPSS
Exploits1References5Affected Software1
osv
osv
added 2026/01/26 9:2 p.m.5 views

GHSA-XPQM-WM3M-F34H pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin

Summary A path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of nodemodules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal sequences like ../../ remain intact. Details Th...

6.5CVSS5.9AI score0.00438EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/01/26 12:0 a.m.5 views

PT-2026-4825

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.28.1 Description pnpm is susceptible to a path traversal issue in its bin linking mechanism. Malicious npm packages can exploit this to create executable shims or symlinks outside of the node modules/.bin directory. T...

6.5CVSS5.9AI score0.00438EPSS
Exploits1References10
Rows per page
Query Builder