2 matches found
CVE-2026-50015
A flaw was found in pnpm. An attacker can exploit this by contributing a malicious patch file through a pull request. During the pnpm install process, the patch application pipeline fails to validate file paths extracted from these patch files. This allows the attacker to write or delete arbitrar...
CVE-2026-48547
KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands by inserting shell metacharacters into the version or changes fields of patchNotesData.json, which are interpolated unsanitized into a childprocess.execSync cal...