Lucene search
K

5 matches found

OSV
OSV
added 2026/05/26 7:16 a.m.7 views

DEBIAN-CVE-2026-9496

Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation...

8.7CVSS7.1AI score0.00346EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 5:0 a.m.89 views

CVE-2026-9496

CVE-2026-9496 affects the npm package pacote

8.7CVSS7.1AI score0.00346EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/26 5:0 a.m.48 views

CVE-2026-9496

Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation...

8.7CVSS0.00346EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.8 views

pacote 安全漏洞

pacote is a npm open-source tool that retrieves package lists and compressed packages from the npm repository. Version pacote 11.2.7 has a security vulnerability. This vulnerability stems from the addGitSha function, which may lead to a denial-of-service attack. Attackers can trigger this functio...

8.7CVSS5.7AI score0.00346EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.12 views

PT-2026-43191

Name of the Vulnerable Software and Affected Versions pacote versions 11.2.7 and later Description A Regular Expression Denial of Service ReDoS exists in the addGitSha function. An attacker can cause excessive CPU consumption, potentially stalling or crashing the process, by providing a specially...

8.7CVSS5.8AI score0.00346EPSS
Exploits0References83
Rows per page
Query Builder