CVE-2022-29244

Published: 13/06/2022 Updated: 27/10/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

`npm pack` ignores root-level `.gitignore` and `.npmignore` file exclusion directives when run in a workspace or with a workspace flag (i.e. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and may have published files to the npm registry that they did not intend to include. Users should upgrade to the latest, patched version of npm, v8.11.0, by running `npm i -g npm@latest`. Node.js versions v16.15.1, v17.19.1, and v18.3.0 include the patched v8.11.0 version of npm.
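One way to audit a workspace for this exposure, as an added example that is not npm's code or part of the advisory: compare the file list from `npm pack --dry-run --json` against the root-level ignore file. The input shape (an array of packages, each with `files[].path` relative to the package), the `workspaceDirs` mapping, the simplified pattern matcher and all sample data are assumptions made for illustration.

```javascript
// Added example, not npm's code. All sample data below is constructed.

// Turn one ignore pattern into a RegExp over repo-root-relative POSIX paths.
// Simplified subset of gitignore syntax: "*", "?", leading "/" (anchor),
// trailing "/" (directory only).
function patternToRegExp(pattern) {
  const anchored = pattern.replace(/\/$/, "").includes("/");
  const dirOnly = pattern.endsWith("/");
  const body = pattern
    .replace(/^\/|\/$/g, "")
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, "[^/]*")
    .replace(/\?/g, "[^/]");
  return new RegExp((anchored ? "^" : "(^|/)") + body + (dirOnly ? "/" : "(/|$)"));
}

function parseIgnore(text) {
  return text.split(/\r?\n/).map((l) => l.trim())
    // Negation ("!") and "**" are outside the subset above, so skip them.
    .filter((l) => l && !l.startsWith("#") && !l.startsWith("!") && !l.includes("**"))
    .map((p) => ({ pattern: p, re: patternToRegExp(p) }));
}

// packJson: text in the assumed shape of `npm pack --dry-run --json` output.
// workspaceDirs: hypothetical map of package name -> directory under the repo root.
function auditPack(packJson, workspaceDirs, rootIgnoreText) {
  const rules = parseIgnore(rootIgnoreText);
  const findings = [];
  for (const pkg of JSON.parse(packJson)) {
    const dir = workspaceDirs[pkg.name];
    for (const f of pkg.files) {
      // Root-level rules apply to repo-root paths, so prefix the workspace dir.
      const repoPath = dir ? `${dir}/${f.path}` : f.path;
      const hit = rules.find((r) => r.re.test(repoPath));
      if (hit) findings.push({ package: pkg.name, file: repoPath, rule: hit.pattern });
    }
  }
  return findings;
}

// Constructed sample: one workspace package and a root-level .gitignore.
const SAMPLE_PACK_JSON = JSON.stringify([{
  name: "@example/api", version: "1.0.0",
  files: [{ path: "package.json" }, { path: "index.js" }, { path: ".env" },
          { path: "fixtures/dump.sql" }, { path: "lib/env.js" }],
}]);
const SAMPLE_ROOT_IGNORE = "# constructed\n.env\n/packages/api/fixtures/\n*.log\n";
const SAMPLE_DIRS = { "@example/api": "packages/api" };
console.log(auditPack(SAMPLE_PACK_JSON, SAMPLE_DIRS, SAMPLE_ROOT_IGNORE));
```

Each finding is a file that the tarball would contain even though a root-level rule excludes it; on a patched npm the same audit over real output should come back empty.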

Vulnerable Product

npmjs npm

netapp ontap select deploy administration utility -

Vendor Advisories

Synopsis: Moderate: nodejs and nodejs-nodemon security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9 Red Hat Produ ...

npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (i.e. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published files into the npm registry th ...