SUSE CVE-2021-43616
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...
CentOS 8 : nodejs:16 (CESA-2022:4796)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2022:4796 advisory: "npm: npm ci succeeds when package-lock.json doesn't match package.json" (CVE-2021-43616). Note that Nessus has not tested for this issue but has instead relied on...
CVE-2021-43616
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...
CVE-2021-43616
CVE-2021-43616 describes a behavior in the npm CLI where running the npm ci command (npm 7.x and 8.x up to 8.1.3) proceeds with installation even if dependency information in package-lock.json differs from package.json. The description notes this is inconsistent with the documentation and could a...