CVE Alert: CVE-2024-47829

April 25, 2025
image 1

Vulnerability Summary: CVE-2024-47829

pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name /node_modoules/, there are no version numbers for the libraries they refer to. This issue has been patched in version 10.0.0.

Affected Endpoints:

No affected endpoints listed.

Published Date:

4/23/2025, 4:15:29 PM

⚠️ CVSS Score:

CVSS v3 Score: 6.5 (Medium)

Exploit Status:

Not Exploited

References:

Recommended Action:

No proposed action available. Please refer to vendor documentation for updates.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

Tags: , ,

You may have missed

unlock_membership

Mastering Blockchain Security Strategies for a Safer Digital Future

April 25, 2025
image

[LYNX] – Ransomware Victim: impactcanada[.]com

April 25, 2025
image

[LYNX] – Ransomware Victim: pay4freight[.]com

April 25, 2025
image

[LYNX] – Ransomware Victim: greatplainstransport[.]com

April 25, 2025
image

CVE Alert: CVE-2025-1054

April 25, 2025