Skip to main content

Next Generation Application Programming Interface

1 CVEs product

Monthly

CVE-2021-43616 CRITICAL POC PATCH Act Now

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Information Disclosure npm Next Generation Application Programming Interface Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Information Disclosure npm +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy