2 matches found
CVE-2026-50014 pnpm: Git Fetch Argument Injection via Lockfile resolution.commit
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected...
PT-2023-10812
Name of the Vulnerable Software and Affected Versions roxlukas LMeve versions up to 0.1.58 Description A critical issue affects the function insert log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to SQL injection. Recommendations For versions up to 0.1.58,...