Lucene search
K

4 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 8 : nodejs:16 (AXSA:2022-3781:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3781:01 advisory. npm: npm ci succeeds when package-lock.json doesn't match package.json CVE-2021-43616 Tenable has extracted the preceding description block directly from the...

9.8CVSS8.5AI score0.02534EPSS
Exploits1References2
OSV
OSV
added 2021/11/13 6:15 p.m.1 views

DEBIAN-CVE-2021-43616

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...

9.8CVSS7.5AI score0.02534EPSS
Exploits1References1
OSV
OSV
added 2021/11/13 6:15 p.m.2 views

UBUNTU-CVE-2021-43616

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...

9.8CVSS7AI score0.02534EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2021/11/13 12:0 a.m.4 views

PT-2021-23891 · Npm +5 · Npm +5

Name of the Vulnerable Software and Affected Versions: npm versions 7.x through 8.1.3 Description: The npm ci command proceeds with an installation even if dependency information in package-lock.json differs from package.json, which is inconsistent with the documentation. This behavior makes it...

9.8CVSS8.2AI score0.02534EPSS
Exploits1References46
Rows per page
Query Builder