17 matches found
CVE-2026-9496
Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing...
Linux Distros Unpatched Vulnerability : CVE-2026-9496
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by...
SUSE CVE-2026-9496
Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function's regex replacement and string-manipulation logic, causing...
CVE-2026-9496
Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing...
DEBIAN-CVE-2026-9496
Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing...
UBUNTU-CVE-2026-9496
Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing...
CVE-2026-9496
Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing...
CVE-2026-9496
Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing...
CVE-2026-9496
CVE-2026-9496 affects the npm package pacote
CVE-2026-9496
Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing...
EUVD-2026-31793
Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing...
CVE-2026-9496
Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing...
PT-2026-43191
Name of the Vulnerable Software and Affected Versions pacote versions 11.2.7 and later Description A Regular Expression Denial of Service ReDoS exists in the addGitSha function. An attacker can cause excessive CPU consumption, potentially stalling or crashing the process, by providing a specially...
pacote 安全漏洞
pacote is a npm open-source tool that retrieves package lists and compressed packages from the npm repository. Version pacote 11.2.7 has a security vulnerability. This vulnerability stems from the addGitSha function, which may lead to a denial-of-service attack. Attackers can trigger this functio...
Denial of Service (DoS)
Overview pacote is a JavaScript package downloader Affected versions of this package are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement an...
Denial of Service (DoS)
Overview org.webjars.npm:pacote is a JavaScript package downloader Affected versions of this package are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s rege...
@angular/cli (=9.1.0-next.3), @schematics/update (=0.901.0-next.3) +1 more potentially affected by unknown CVE via @npmcli/git (=1.0.1)
@npmcli/git NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @npmcli/git and may be impacted: - @angular/cli =9.1.0-next.3 - @schematics/update =0.901.0-next.3 - pacote =11.1.1 Source cves: unknown CVE Source advisory:...