2 matches found
EUVD-2026-31793
Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing...
PT-2026-43191
Name of the Vulnerable Software and Affected Versions pacote versions 11.2.7 and later Description A Regular Expression Denial of Service ReDoS exists in the addGitSha function. An attacker can cause excessive CPU consumption, potentially stalling or crashing the process, by providing a specially...