CVE-2024-47829

Good to know:

Date: April 23, 2025

pnpm is a package manager. Prior to version 10.0.0, the path-shortening function uses MD5 to compress long paths, and if a collision occurs, two different libraries end up with the same storage path. Although the real names are under the package name /node_modules/, there are no version numbers for the libraries they refer to. This issue has been patched in version 10.0.0.

Severity Score

Weakness Type (CWE)

Use of Weak Hash

CWE-328

Top Fix

Upgrade Version

Upgrade to version pnpm - 10.0.0; https://github.com/pnpm/pnpm.git - v10.0.0

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW
