Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2022/02/03 4:26 p.m.41 views

CVE-2021-43616

A flaw was found in npm. The npm ci command proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation and makes it easier for attackers to install malware that was supposed to have been blocked...

9.8CVSS2.8AI score0.02534EPSS
Exploits1References3
Prion
Prion
added 2021/11/13 6:15 p.m.25 views

Design/Logic Flaw

DISPUTED The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to...

7.5CVSS9.3AI score0.02534EPSS
Exploits1References10Affected Software2
CVE
CVE
added 2021/11/13 12:0 a.m.198 views

CVE-2021-43616

CVE-2021-43616 describes a behavior in the npm CLI where running the npm ci command (npm 7.x and 8.x up to 8.1.3) proceeds with installation even if dependency information in package-lock.json differs from package.json. The description notes this is inconsistent with the documentation and could a...

9.8CVSS9.3AI score0.02534EPSS
Exploits1References10Affected Software1
AlpineLinux
AlpineLinux
added 2021/11/13 12:0 a.m.44 views

CVE-2021-43616

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...

9.8CVSS9.6AI score0.02534EPSS
Exploits1
Rows per page
Query Builder