10 matches found

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-12168

Malicious code in bioql PyPI...

CVSS 6.5; AI score 6.4; EPSS 0.00187
Exploits: 1; References: 3

SUSE CVE
added 2025/04/24 3:29 a.m., 3 views

SUSE CVE-2024-47829

pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name...

CVSS 6.5; AI score 6.9; EPSS 0.00187
Exploits: 1; References: 3

AlpineLinux
added 2025/04/23 4:15 p.m., 4 views

CVE-2024-47829

pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name...

CVSS 6.5; AI score 7.1; EPSS 0.00187
Exploits: 1; References: 1

Cvelist
added 2025/04/23 3:42 p.m., 81 views

CVE-2024-47829 pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting

pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name...

CVSS 6.5; EPSS 0.00187
Exploits: 1; References: 1

OSV
added 2025/04/23 3:42 p.m., 4 views

CVE-2024-47829 pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting

pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name...

CVSS 6.5; AI score 6.3; EPSS 0.00187
Exploits: 1; References: 3

CVE
added 2025/04/23 3:42 p.m., 81 views

CVE-2024-47829

CVE-2024-47829 affects pnpm versions prior to 10.0.0, where the path shortening function uses MD5 and can cause two different libraries to map to the same storage path under node_modules. The issue is fixed in 10.0.0. Fedora advisories recommend upgrading pnpm to 10.9.0 to address this CVE; other...

CVSS 6.5; AI score 6.5; EPSS 0.00187
Exploits: 1; References: 1; Affected Software: 1

OSV
added 2025/04/23 2:5 p.m., 5 views

GHSA-8CC4-RFJ6-FHG4 pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting

The path shortening function is used in pnpm: export function depPathToFilename depPath: string, maxLengthWithoutHash: number: string let filename = depPathToFilenameUnescapeddepPath.replace/\/:?"|/g, '+' if filename.includes'' filename = filename .replace/$/, '' .replace/\||/g, '' if...

CVSS 6.5; AI score 6.3; EPSS 0.00187
Exploits: 1; References: 3

Github Security Blog
added 2025/04/23 2:5 p.m., 12 views

pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting

The path shortening function is used in pnpm: export function depPathToFilename depPath: string, maxLengthWithoutHash: number: string let filename = depPathToFilenameUnescapeddepPath.replace/\/:?"|/g, '+' if filename.includes'' filename = filename .replace/$/, '' .replace/\||/g, '' if...

CVSS 6.5; AI score 6.7; EPSS 0.00187
Exploits: 1; References: 3; Affected Software: 1

CNNVD
added 2025/04/23 12:0 a.m., 3 views

pnpm security vulnerability

pnpm is a package manager in the pnpm open source. A security vulnerability exists in pnpm versions prior to 10.0.0, which stems from the use of md5 by the path shortening function that may lead to a conflict between different library storage paths...

CVSS 6.5; AI score 6.4; EPSS 0.00187
Exploits: 1; References: 2

Positive Technologies
added 2025/04/23 12:0 a.m., 5 views

PT-2025-17640

Name of the Vulnerable Software and Affected Versions: pnpm versions prior to 10.0.0. Description: The issue is related to the path shortening function in pnpm, which uses the md5 function as a compression function. If a collision occurs, it can result in the same storage path for two different...

CVSS 6.5; AI score 6.6; EPSS 0.00187
Exploits: 1; References: 12