npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include. Users should upgrade to the latest, patched version of npm v8.11.0, run: npm i -g npm@latest . Node.js versions v16.15.1, v17.19.1, and v18.3.0 include the patched v8.11.0 version of npm.
References
Link | Resource |
---|---|
https://github.com/nodejs/node/pull/43210 | Patch Third Party Advisory |
https://github.com/nodejs/node/releases/tag/v16.15.1 | Release Notes Third Party Advisory |
https://github.com/nodejs/node/releases/tag/v17.9.1 | Release Notes Third Party Advisory |
https://github.com/nodejs/node/releases/tag/v18.3.0 | Release Notes Third Party Advisory |
https://github.com/npm/cli/releases/tag/v8.11.0 | Release Notes Third Party Advisory |
https://github.com/npm/cli/security/advisories/GHSA-hj9c-8jmm-8c52 | Third Party Advisory |
https://github.com/npm/cli/tree/latest/workspaces/libnpmpack | Product Third Party Advisory |
https://github.com/npm/cli/tree/latest/workspaces/libnpmpublish | Product Third Party Advisory |
https://github.com/npm/npm-packlist | Product Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220722-0007/ | Third Party Advisory |
Configurations
History
27 Oct 2022, 16:25
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220722-0007/ - Third Party Advisory | |
First Time |
Netapp
Netapp ontap Select Deploy Administration Utility |
|
CPE | cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* |
22 Jul 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-200 | |
References |
|
27 Jun 2022, 15:51
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (MISC) https://github.com/npm/cli/tree/latest/workspaces/libnpmpack - Product, Third Party Advisory | |
References | (MISC) https://github.com/nodejs/node/releases/tag/v16.15.1 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/nodejs/node/pull/43210 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/nodejs/node/releases/tag/v17.9.1 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/nodejs/node/releases/tag/v18.3.0 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/npm/npm-packlist - Product, Third Party Advisory | |
References | (MISC) https://github.com/npm/cli/tree/latest/workspaces/libnpmpublish - Product, Third Party Advisory | |
References | (MISC) https://github.com/npm/cli/releases/tag/v8.11.0 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/npm/cli/security/advisories/GHSA-hj9c-8jmm-8c52 - Third Party Advisory | |
CWE | NVD-CWE-noinfo | |
First Time |
Npmjs
Npmjs npm |
13 Jun 2022, 14:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-13 14:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-29244
Mitre link : CVE-2022-29244
CVE.ORG link : CVE-2022-29244
JSON object : View
Products Affected
netapp
- ontap_select_deploy_administration_utility
npmjs
- npm
CWE