MEDIUM🇵🇱 Wersja polska

CVE-2025-4759

CVSS 5.5v4.0pub. 2025-05-16upd. 2025-06-03

Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by extending the package name allowing an attacker to install other npm packages than the intended one.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Lirantal Lockfile Lint Api

    APP
    Lirantal
    < 5.9.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References