Lucene search
K

25 matches found

Cvelist
Cvelist
added 2021/11/13 12:0 a.m.33 views

CVE-2021-43616

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...

9CVSS9.7AI score0.02534EPSS
Exploits1References10
CVE
CVE
added 2021/11/13 12:0 a.m.203 views

CVE-2021-43616

CVE-2021-43616 describes a behavior in the npm CLI where running the npm ci command (npm 7.x and 8.x up to 8.1.3) proceeds with installation even if dependency information in package-lock.json differs from package.json. The description notes this is inconsistent with the documentation and could a...

9.8CVSS9.3AI score0.02534EPSS
Exploits1References10Affected Software1
Debian CVE
Debian CVE
added 2021/11/13 12:0 a.m.20 views

CVE-2021-43616

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...

9.8CVSS8.3AI score0.02534EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2021/11/13 12:0 a.m.44 views

CVE-2021-43616

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...

9.8CVSS9.6AI score0.02534EPSS
Exploits1
OSV
OSV
added 2021/08/31 4:4 p.m.31 views

GHSA-2H3H-Q99F-3FHC @npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution @npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and t...

8.2CVSS6.5AI score0.00576EPSS
Exploits0References6
Rows per page
Query Builder