5 matches found
DEBIAN-CVE-2026-9496
Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing...
CVE-2026-9496
CVE-2026-9496 affects the npm package pacote
CVE-2026-9496
Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing...
pacote 安全漏洞
pacote is a npm open-source tool that retrieves package lists and compressed packages from the npm repository. Version pacote 11.2.7 has a security vulnerability. This vulnerability stems from the addGitSha function, which may lead to a denial-of-service attack. Attackers can trigger this functio...
PT-2026-43191
Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing...