15 matches found
EUVD-2022-6068
Malicious code in bioql PyPI...
MAL-2024-2830 Malicious code in packs-a (npm)
--- -= Per source details. Do not edit below this line.=-...
Oracle Linux 9 : nodejs / and / nodejs-nodemon (ELSA-2022-6595)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6595 advisory. - Rebase to version 16.16.0 Resolves: RHBZ2106290 Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 Tenable has extracted the...
nodejs: npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace
A flaw was found in npm. This security issue occurs because the npm pack ignores root-level ".gitignore" and ".npmignore" file exclusion directives when run in a workspace or with a workspace flag for example, --workspaces, --workspace=. Anyone who has run 'npm pack' or 'npm publish' inside a...
SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2022:3250-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3250-1 advisory. - npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag...
SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2022:3251-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3251-1 advisory. - npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag...
openSUSE: Security Advisory for nodejs16 (SUSE-SU-2022:3251-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2022:3250-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: - CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request bsc1202382. - CVE-2022-35948: Fixed CRLF injection via Content-Type bsc1202383. - CVE-2022-29244: Fixed npm pack ignores...
SUSE-SU-2022:3196-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: - CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request bsc1202382. - CVE-2022-35948: Fixed CRLF injection via Content-Type bsc1202383. - CVE-2022-29244: Fixed npm pack ignores...
Code injection
npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag ie. --workspaces, --workspace=. Anyone who has run npm pack or npm publish inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published...
CVE-2022-29244
npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag ie. --workspaces, --workspace=. Anyone who has run npm pack or npm publish inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published...
CVE-2022-29244
npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag ie. --workspaces, --workspace=. Anyone who has run npm pack or npm publish inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published...
CVE-2022-29244
CVE-2022-29244: npm pack/publish in a workspace may publish files excluded by root .gitignore/.npmignore. Affected: npm v7.9.0 and v7.13.0; patched in npm v8.11.0. Node.js v16.15.1, v17.19.1, v18.3.0 include the patched npm. Remediation: upgrade npm to the latest (npm i -g npm@latest).
CVE-2022-29244 npm packing does not respect root-level ignore files in workspaces
npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag ie. --workspaces, --workspace=. Anyone who has run npm pack or npm publish inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published...
GHSA-HJ9C-8JMM-8C52 Packing does not respect root-level ignore files in workspaces
Impact npm pack ignores root-level .gitignore & .npmignore file exclusion directives when run in a workspace or with a workspace flag ie. --workspaces, --workspace=. Anyone who has run npm pack or npm publish with workspaces, as of v7.9.0 & v7.13.0 respectively, may be affected and have published...