Denial of Service due to improper handling of malicious package manifest bin keys
Summary
Denial of Service due to improper handling of malicious package manifest bin keys. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-22.
- < 10.34.2
- < 11.5.3
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- 10.34.2
- 11.5.3
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- To mitigate this issue, users should avoid installing pnpm packages from untrusted sources globally. Exercise caution and verify the integrity of packages before global installation to prevent the introduction of malicious manifest bin keys.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.