
Github Security Blog
added 2025/05/16 6:30 a.m. · 26 views

lockfile-lint-api Vulnerable to Incorrect Behavior Order

Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by extending the package name allowing an attacker to install other npm packages than the intended one...

CVSS 8.3 · AI score 6.8 · EPSS 0.00352
Exploits: 1 · References: 7 · Affected software: 1
OSV
added 2025/05/16 5:15 a.m. · 11 views

CVE-2025-4759

Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by extending the package name allowing an attacker to install other npm packages than the intended one...

CVSS 5.3 · AI score 6.7
Exploits: 0 · References: 5
NVD
added 2025/05/16 5:15 a.m. · 20 views

CVE-2025-4759

Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by extending the package name allowing an attacker to install other npm packages than the intended one...

CVSS 8.3 · EPSS 0.00352
Exploits: 1 · References: 5
CVE
added 2025/05/16 5:00 a.m. · 57 views

CVE-2025-4759

CVE-2025-4759 affects the lockfile-lint-api package. The root cause is an incorrect behavior order in URL validation (the resolved attribute) that can be bypassed by extending the package name, allowing installation of other npm packages beyond the intended one. Reported impact includes potential...

CVSS 8.3 · AI score 8.3 · EPSS 0.00352
Exploits: 1 · References: 5 · Affected software: 1
Positive Technologies
added 2025/05/16 12:00 a.m. · 5 views

PT-2025-21607 · Npm · Lockfile-Lint-Api

Name of the Vulnerable Software and Affected Versions: lockfile-lint-api versions prior to 5.9.2 Description: The issue concerns incorrect behavior order, specifically early validation, via the resolved attribute of the package URL validation. This can be bypassed by extending the package name,...

CVSS 8.3 · AI score 6.2 · EPSS 0.00352
Exploits: 1 · References: 16