3 matches found
@agrada_digital/pbm (>=0.0.88 <=0.2.7), @bella-ui/components (>=1.0.0 <=1.0.10) +200 more potentially affected by CVE-2022-26183 via pnpm (>=0.21.0 <=5.18.10)
pnpm NPM version =0.21.0, =0.0.88, =1.0.0, =0.1.5, =1.0.0, =1.0.0, =0.2.2, =2.1.1, =0.1.16, =0.2.1, =0.1.0, =0.1.0, =0.8.2 and more Source cves: CVE-2022-26183 Source advisory: OSV:GHSA-9M87-6FJ3-C5XH...
CVE-2022-26183
PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS...
CVE-2022-26183
CVE-2022-26183 affects PNPM v6.15.1 and earlier on Windows, due to an untrusted search path that can cause the application to behave unexpectedly when run in directories containing malicious content. Root cause: untrusted search path in PNPM execution. Impact is described as abnormal behavior on ...