Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:12 p.m.7 views

CVE-2022-29256

sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set the value of the PKGCONFIGPATH...

6.7CVSS6.7AI score0.0037EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/06/01 7:58 p.m.8 views

10secondsofcode-custom (=1.0.0), 11ty-dither (>=0.0.1 <=0.0.8) +4019 more potentially affected by CVE-2022-29256 via sharp (>=0.10.1 <=0.30.4)

sharp NPM version =0.10.1, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.1, =4.11.0, =1.0.0, =0.16.0, =0.1.0, =1.0.1-beta.1 and more Source cves: CVE-2022-29256 Source advisory: OSV:GHSA-GP95-PPV5-3JC5...

6.7CVSS6.6AI score0.0037EPSS
Exploits0
OSV
OSV
added 2022/05/25 9:20 p.m.24 views

CVE-2022-29256 Possible vulnerability at 'npm install' time in sharp if an attacker has control over build environment

sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set the value of the PKGCONFIGPATH...

6.5CVSS6.4AI score0.0037EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/05/25 9:20 p.m.39 views

CVE-2022-29256 Possible vulnerability at 'npm install' time in sharp if an attacker has control over build environment

sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set the value of the PKGCONFIGPATH...

6.5CVSS6.7AI score0.0037EPSS
Exploits0References2
CVE
CVE
added 2022/05/25 9:20 p.m.89 views

CVE-2022-29256

CVE-2022-29256 affects sharp (Node.js image processing) versions prior to 0.30.5. If an attacker can control PKG_CONFIG_PATH in the build environment, they may inject arbitrary commands at npm install time (not a runtime issue; Windows builds are not affected). The issue is fixed in sharp v0.30.5...

6.7CVSS6.4AI score0.0037EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder