/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CVE-2024-47829

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-47829

Severity

6.5

Medium

CVSS V3

Description

pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name /node_modoules/, there are no version numbers for the libraries they refer to. This issue has been patched in version 10.0.0.

References

  • https://images.chainguard.dev/security/CGA-23g2-q2v3-jv38

Affected packages


Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing