4 matches found
PT-2026-51119
Name of the Vulnerable Software and Affected Versions @cyclonedx/cyclonedx-npm versions 2.1.0 through 4.x Description Command injection occurs when the CLI is invoked with the --workspace option while the environment variable npm execpath is unset or empty. In this scenario, user-supplied values...
EUVD-2022-6068
Malicious code in bioql PyPI...
CVE-2022-29244
npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag ie. --workspaces, --workspace=. Anyone who has run npm pack or npm publish inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published...
CVE-2022-29244 npm packing does not respect root-level ignore files in workspaces
npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag ie. --workspaces, --workspace=. Anyone who has run npm pack or npm publish inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published...