Lucene search
+L

12 matches found

nessus
nessus
added 2025/07/08 12:0 a.m.5 views

Fedora 42 : nodejs-bash-language-server / nodejs-pnpm (2025-69a1acbbc0)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-69a1acbbc0 advisory. Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-server to version 5.6.0 Tenable has extracted the preceding description block...

6.5CVSS6.5AI score0.00204EPSS
Exploits1References2
openvas
openvas
added 2025/05/26 12:0 a.m.6 views

Fedora: Security Advisory (FEDORA-2025-d4cc30bdfb)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.7AI score0.00204EPSS
Exploits1References3
openvas
openvas
added 2025/05/26 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2025-69a1acbbc0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.7AI score0.00204EPSS
Exploits1References3
openvas
openvas
added 2025/05/05 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2025-f68a9b835d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.7AI score0.00204EPSS
Exploits1References3
nessus
nessus
added 2025/05/03 12:0 a.m.8 views

Fedora 40 : nodejs-bash-language-server / nodejs-pnpm (2025-f68a9b835d)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-f68a9b835d advisory. Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-server to version 5.6.0 Tenable has extracted the preceding description block...

6.5CVSS6.5AI score0.00204EPSS
Exploits1References2
nessus
nessus
added 2025/05/03 12:0 a.m.6 views

Fedora 41 : nodejs-bash-language-server / nodejs-pnpm (2025-d4cc30bdfb)

The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-d4cc30bdfb advisory. Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-server to version 5.6.0 Tenable has extracted the preceding description block...

6.5CVSS6.5AI score0.00204EPSS
Exploits1References2
redhatcve
redhatcve
added 2025/04/24 4:55 a.m.11 views

CVE-2024-47829

A flaw was found in the pnpm package manager. In the affected versions, the path shortening function utilizes the MD5 hashing algorithm for compressing paths. If a collision occurs, this can lead to two different libraries being stored in the same path. Although the real names of these libraries...

6.5CVSS6.3AI score0.00204EPSS
Exploits1References4
nvd
nvd
added 2025/04/23 4:15 p.m.11 views

CVE-2024-47829

pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name...

6.5CVSS0.00204EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/04/23 3:42 p.m.4 views

CVE-2024-47829 pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting

pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name...

6.5CVSS7AI score0.00204EPSS
Exploits1References1
cve
cve
added 2025/04/23 3:42 p.m.81 views

CVE-2024-47829

CVE-2024-47829 affects pnpm versions prior to 10.0.0, where the path shortening function uses MD5 and can cause two different libraries to map to the same storage path under node_modules. The issue is fixed in 10.0.0. Fedora advisories recommend upgrading pnpm to 10.9.0 to address this CVE; other...

6.5CVSS6.5AI score0.00204EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2025/04/23 3:42 p.m.87 views

CVE-2024-47829 pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting

pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name...

6.5CVSS0.00204EPSS
Exploits1References1
vulnersosv
vulnersosv
added 2025/04/23 2:5 p.m.8 views

@conglomerate/weaver (>=2.1.1 <=2.6.1), @derivative/derive (>=0.1.0 <=0.1.1) +2 more potentially affected by CVE-2024-47829 via pnpm (>=0.21.0 <=0.60.3)

pnpm NPM version =0.21.0, =2.1.1, =0.1.0, =2.3.0, =0.1.0, =0.3.0 Source cves: CVE-2024-47829 Source advisory: OSV:GHSA-8CC4-RFJ6-FHG4...

6.5CVSS6.5AI score0.00204EPSS
Exploits1
Rows per page
Query Builder