5 matches found
SUSE CVE-2023-37478
pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears safe on the npm registry or when installed via...
@emberai/agent-node (>=1.1.0 <=1.2.0), @pnpm/beta (>=0.0.1-6 <=0.0.6-6.17.0) +1 more potentially affected by CVE-2023-37478 via @pnpm/macos-x64 (>=0.0.1-0 <=7.33.3)
@pnpm/macos-x64 NPM version =0.0.1-0, =1.1.0, =0.0.1-6, =6.17.1, =11.0.4 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...
@pnpm/exe (>=8.0.0 <=8.15.9) potentially affected by CVE-2023-37478 via @pnpm/macos-arm64 (>=8.0.0 <=8.6.7)
@pnpm/macos-arm64 NPM version =8.0.0, =8.0.0, =8.15.9 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...
@pnpm/exe (>=8.0.0 <=8.15.9) potentially affected by CVE-2023-37478 via @pnpm/win-x64 (>=8.0.0 <=8.6.7)
@pnpm/win-x64 NPM version =8.0.0, =8.0.0, =8.15.9 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...
@emberai/agent-node (>=1.1.0 <=1.2.0), @pnpm/beta (>=0.0.0 <=0.0.6-6.17.0) +1 more potentially affected by CVE-2023-37478 via @pnpm/win-x64 (>=0.0.0 <=7.33.3)
@pnpm/win-x64 NPM version =0.0.0, =1.1.0, =0.0.0, =6.17.1, =11.5.3 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...