Filtered by vendor Npmjs
Subscriptions
Filtered by product Pacote
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9496 | 1 Npmjs | 1 Pacote | 2026-05-27 | 7.5 High |
| Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing excessive CPU consumption and potentially stalling or crashing the process. | ||||
Page 1 of 1.