12 matches found
Fedora 42 : nodejs-bash-language-server / nodejs-pnpm (2025-69a1acbbc0)
The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-69a1acbbc0 advisory. Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-server to version 5.6.0 Tenable has extracted the preceding description block...
Fedora: Security Advisory (FEDORA-2025-d4cc30bdfb)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2025-69a1acbbc0)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2025-f68a9b835d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 40 : nodejs-bash-language-server / nodejs-pnpm (2025-f68a9b835d)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-f68a9b835d advisory. Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-server to version 5.6.0 Tenable has extracted the preceding description block...
Fedora 41 : nodejs-bash-language-server / nodejs-pnpm (2025-d4cc30bdfb)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-d4cc30bdfb advisory. Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-server to version 5.6.0 Tenable has extracted the preceding description block...
CVE-2024-47829
A flaw was found in the pnpm package manager. In the affected versions, the path shortening function utilizes the MD5 hashing algorithm for compressing paths. If a collision occurs, this can lead to two different libraries being stored in the same path. Although the real names of these libraries...
CVE-2024-47829
pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name...
CVE-2024-47829 pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting
pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name...
CVE-2024-47829
CVE-2024-47829 affects pnpm versions prior to 10.0.0, where the path shortening function uses MD5 and can cause two different libraries to map to the same storage path under node_modules. The issue is fixed in 10.0.0. Fedora advisories recommend upgrading pnpm to 10.9.0 to address this CVE; other...
CVE-2024-47829 pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting
pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name...
@conglomerate/weaver (>=2.1.1 <=2.6.1), @derivative/derive (>=0.1.0 <=0.1.1) +2 more potentially affected by CVE-2024-47829 via pnpm (>=0.21.0 <=0.60.3)
pnpm NPM version =0.21.0, =2.1.1, =0.1.0, =2.3.0, =0.1.0, =0.3.0 Source cves: CVE-2024-47829 Source advisory: OSV:GHSA-8CC4-RFJ6-FHG4...