Oval Definition:oval:org.opensuse.security:def:202229244
Revision Date:2022-09-02Version:1
Title:CVE-2022-29244
Description:

npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include. Users should upgrade to the latest, patched version of npm v8.11.0, run: npm i -g npm@latest . Node.js versions v16.15.1, v17.19.1, and v18.3.0 include the patched v8.11.0 version of npm.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2022-29244
SUSE CVE-2022-29244
Platform(s):SUSE Linux Enterprise Server for SAP Applications 15 SP2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • AND Package Information
  • nodejs10 is not affected
  • OR nodejs10-devel is not affected
  • OR nodejs10-docs is not affected
  • OR npm10 is not affected
  • OR nodejs12 is not affected
  • OR nodejs12-devel is not affected
  • OR nodejs12-docs is not affected
  • OR npm12 is not affected
  • OR nodejs14 is not affected
  • OR nodejs14-devel is not affected
  • OR nodejs14-docs is not affected
  • OR npm14 is not affected
  • OR nodejs8 is not affected
  • OR nodejs8-devel is not affected
  • OR nodejs8-docs is not affected
  • OR npm8 is not affected
    • BACK