
CVE-2024-47829

Date: April 23, 2025
pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses MD5 as its compression function, so if a collision occurs, two different libraries end up with the same storage path. Although the real names are under the package name /node_modules/, there are no version numbers for the libraries they refer to. This issue has been patched in version 10.0.0.
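
The collision condition described above can be audited for directly. The following added example (not code from pnpm or from this advisory) models hash-based path shortening and checks a list of dependency paths for any two that resolve to the same storage directory. `MAX_LEN`, the directory-name layout, the function names and the sample paths are assumptions, and the weak digest is truncated to one hex character so that a collision is guaranteed among the 17 constructed inputs.

```javascript
// Added illustration; a simplified model, not pnpm's implementation.
const crypto = require('crypto');

const MAX_LEN = 120; // assumed length above which a directory name is shortened

// Returns a digest function; `hexChars` truncates the output to model a weak hash.
function digestWith(algorithm, hexChars) {
  return (text) =>
    crypto.createHash(algorithm).update(text).digest('hex').slice(0, hexChars);
}

// Hypothetical shortening scheme: long names become "<prefix>_<digest>".
function shortenPath(depPath, digest) {
  const flat = depPath.replace(/[\/:]/g, '+');
  if (flat.length <= MAX_LEN) return flat;
  const d = digest(depPath);
  return flat.slice(0, MAX_LEN - d.length - 1) + '_' + d;
}

// Audit: group distinct dependency paths by storage directory and
// report every directory that more than one path maps to.
function findCollisions(depPaths, digest) {
  const byDir = new Map();
  for (const p of new Set(depPaths)) {
    const dir = shortenPath(p, digest);
    if (!byDir.has(dir)) byDir.set(dir, []);
    byDir.get(dir).push(p);
  }
  return [...byDir]
    .filter(([, paths]) => paths.length > 1)
    .map(([dir, paths]) => ({ dir, paths }));
}

// Constructed sample input: 17 long dependency paths that differ only in
// their tail, so the retained prefix is identical and only the digest
// distinguishes them.
const BASE = '/constructed-pkg/1.0.0_' + 'x'.repeat(110);
const SAMPLE_PATHS = Array.from({ length: 17 }, (_, i) => `${BASE}_peer${i}`);

// 16 possible one-character digests for 17 paths: at least one shared directory.
const weak = findCollisions(SAMPLE_PATHS, digestWith('md5', 1));
// Full-length SHA-256 keeps every constructed path in its own directory.
const strong = findCollisions(SAMPLE_PATHS, digestWith('sha256', 64));
console.log('weak digest collisions:', weak.length, 'sha256 collisions:', strong.length);
```

The audit itself does not depend on the hash in use: any directory reported by `findCollisions` is one where two different dependency paths would share storage.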
Severity Score
Weakness Type (CWE)
CWE-328: Use of Weak Hash

Top Fix

Upgrade Version
Upgrade to version pnpm - 10.0.0; https://github.com/pnpm/pnpm.git - v10.0.0
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | LOW |