Lucene search
+L

9 matches found

redhatcve
redhatcve
added 2026/07/06 1:22 p.m.8 views

CVE-2026-50021

A flaw was found in pnpm, a package manager. An attacker who can modify the pnpm-lock.yaml file and control the package registry can exploit this vulnerability. By removing the integrity field from the lockfile and serving altered package content, the pnpm install --frozen-lockfile command can...

8.1CVSS6.3AI score0.00126EPSS
Exploits1References4
euvd
euvd
added 2026/06/26 10:53 p.m.11 views

EUVD-2026-39488

pnpm Has an Integrity Check Bypass via Missing Lockfile Integrity Field...

6.8CVSS5.8AI score0.00126EPSS
Exploits1References2
github
github
added 2026/06/26 10:53 p.m.7 views

pnpm Has an Integrity Check Bypass via Missing Lockfile Integrity Field

Summary pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL to serve altered package content, pnpm install...

8.1CVSS5.8AI score0.00126EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2026/06/25 6:16 p.m.10 views

CVE-2026-50021

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL...

8.1CVSS0.00126EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/06/25 4:48 p.m.7 views

CVE-2026-50021

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL...

6.8CVSS5.9AI score0.00126EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2026/06/25 4:48 p.m.37 views

CVE-2026-50021 pnpm: Integrity Check Bypass via Missing Lockfile Integrity Field

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL...

6.8CVSS0.00126EPSS
Exploits1References1
osv
osv
added 2026/06/25 4:48 p.m.3 views

CVE-2026-50021 pnpm: Integrity Check Bypass via Missing Lockfile Integrity Field

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL...

6.8CVSS6AI score0.00126EPSS
Exploits1References3
cve
cve
added 2026/06/25 4:48 p.m.26 views

CVE-2026-50021

pnpm has an integrity check bypass when the integrity field is missing from the lockfile. Concrete details from the connected docs show that prior to versions 10.34.0 and 11.4.0, pnpm’s tarball extraction worker skips tarball hash verification if integrity is undefined, allowing an attacker who c...

8.1CVSS5.9AI score0.00126EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.26 views

PT-2026-52517

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description The tarball extraction worker in the pnpm package manager fails to perform integrity verification when the integrity field is missing from the lockfile resolution. This...

6.8CVSS5.8AI score0.00126EPSS
Exploits1References6
Rows per page
Query Builder