admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-261xx/CVE-2022-26183.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

155 lines
4.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-26183",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-03-21T22:15:07.987",
"lastModified": "2024-11-21T06:53:33.847",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS."
},
{
"lang": "es",
"value": "Se ha detectado que PNPM versi\u00f3n v6.15.1 y anteriores, contiene una ruta de b\u00fasqueda no confiable que causa a la aplicaci\u00f3n comportarse de manera no esperada cuando usuarios ejecutan comandos de PNPM en un directorio que contiene contenido malicioso. Esta vulnerabilidad es producida cuando la aplicaci\u00f3n es ejecutada en el Sistema Operativo Windows"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-426"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pnpm:pnpm:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "6.15.1",
"matchCriteriaId": "9B897CD0-4634-457B-B9C4-49B71072636F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pnpm/pnpm/commit/04b7f60861ddee8331e50d70e193d1e701abeefb",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pnpm/pnpm/releases/tag/v6.15.1",
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.sonarsource.com/blog/securing-developer-tools-package-managers/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/pnpm/pnpm/commit/04b7f60861ddee8331e50d70e193d1e701abeefb",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pnpm/pnpm/releases/tag/v6.15.1",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.sonarsource.com/blog/securing-developer-tools-package-managers/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink