Lucene search
+L

5 matches found

susecve
susecve
added 2026/01/09 12:44 a.m.5 views

SUSE CVE-2023-37478

pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears safe on the npm registry or when installed via...

9.8CVSS6.9AI score0.00941EPSS
Exploits1References3
vulnersosv
vulnersosv
added 2023/08/01 5:0 p.m.7 views

@emberai/agent-node (>=1.1.0 <=1.2.0), @pnpm/beta (>=0.0.1-6 <=0.0.6-6.17.0) +1 more potentially affected by CVE-2023-37478 via @pnpm/macos-x64 (>=0.0.1-0 <=7.33.3)

@pnpm/macos-x64 NPM version =0.0.1-0, =1.1.0, =0.0.1-6, =6.17.1, =11.0.4 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

9.8CVSS7.2AI score0.00941EPSS
Exploits1
vulnersosv
vulnersosv
added 2023/08/01 5:0 p.m.7 views

@pnpm/exe (>=8.0.0 <=8.15.9) potentially affected by CVE-2023-37478 via @pnpm/macos-arm64 (>=8.0.0 <=8.6.7)

@pnpm/macos-arm64 NPM version =8.0.0, =8.0.0, =8.15.9 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

9.8CVSS7.2AI score0.00941EPSS
Exploits1
vulnersosv
vulnersosv
added 2023/08/01 5:0 p.m.5 views

@pnpm/exe (>=8.0.0 <=8.15.9) potentially affected by CVE-2023-37478 via @pnpm/win-x64 (>=8.0.0 <=8.6.7)

@pnpm/win-x64 NPM version =8.0.0, =8.0.0, =8.15.9 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

9.8CVSS7.2AI score0.00941EPSS
Exploits1
vulnersosv
vulnersosv
added 2023/08/01 5:0 p.m.15 views

@emberai/agent-node (>=1.1.0 <=1.2.0), @pnpm/beta (>=0.0.0 <=0.0.6-6.17.0) +1 more potentially affected by CVE-2023-37478 via @pnpm/win-x64 (>=0.0.0 <=7.33.3)

@pnpm/win-x64 NPM version =0.0.0, =1.1.0, =0.0.0, =6.17.1, =11.5.3 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

9.8CVSS7.2AI score0.00941EPSS
Exploits1
Rows per page
Query Builder