5 matches found
CVE-2022-29256
sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set the value of the PKGCONFIGPATH...
10secondsofcode-custom (=1.0.0), 11ty-dither (>=0.0.1 <=0.0.8) +4019 more potentially affected by CVE-2022-29256 via sharp (>=0.10.1 <=0.30.4)
sharp NPM version =0.10.1, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.1, =4.11.0, =1.0.0, =0.16.0, =0.1.0, =1.0.1-beta.1 and more Source cves: CVE-2022-29256 Source advisory: OSV:GHSA-GP95-PPV5-3JC5...
CVE-2022-29256 Possible vulnerability at 'npm install' time in sharp if an attacker has control over build environment
sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set the value of the PKGCONFIGPATH...
CVE-2022-29256 Possible vulnerability at 'npm install' time in sharp if an attacker has control over build environment
sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set the value of the PKGCONFIGPATH...
CVE-2022-29256
CVE-2022-29256 affects sharp (Node.js image processing) versions prior to 0.30.5. If an attacker can control PKG_CONFIG_PATH in the build environment, they may inject arbitrary commands at npm install time (not a runtime issue; Windows builds are not affected). The issue is fixed in sharp v0.30.5...