Netapp - Next Generation Application Programming Interface CVE

Filtered by vendor Netapp Subscribe

Filtered by product Next Generation Application Programming Interface

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-43616	2 Netapp, Npmjs	2 Next Generation Application Programming Interface, Npm	2022-02-19	7.5 HIGH	9.8 CRITICAL
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json.

Vulnerabilities (CVE)