CVE-2022-29244

Published: Jun 13, 2022Modified: Apr 23, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include. Users should upgrade to the latest, patched version of npm v8.11.0, run: npm i -g npm@latest . Node.js versions v16.15.1, v17.19.1, and v18.3.0 include the patched v8.11.0 version of npm.

Affected (2)

Products: Npmjs: Npm · Netapp: Ontap Select Deploy Administration Utility

1 product

1 product

Ontap Select Deploy Administration Utility

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Npmjs Npm	From 7.9.0 to 8.11.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Ontap Select Deploy Administration Utility	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (20)

https://github.com/nodejs/node/pull/43210

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/nodejs/node/releases/tag/v16.15.1

Source: security-advisories@github.com

Release NotesThird Party Advisory

https://github.com/nodejs/node/releases/tag/v17.9.1

Source: security-advisories@github.com

Release NotesThird Party Advisory

https://github.com/nodejs/node/releases/tag/v18.3.0

Source: security-advisories@github.com

Release NotesThird Party Advisory

https://github.com/npm/cli/releases/tag/v8.11.0

Source: security-advisories@github.com

Release NotesThird Party Advisory

https://github.com/npm/cli/security/advisories/GHSA-hj9c-8jmm-8c52

Source: security-advisories@github.com

Third Party Advisory

https://github.com/npm/cli/tree/latest/workspaces/libnpmpack

Source: security-advisories@github.com

ProductThird Party Advisory

https://github.com/npm/cli/tree/latest/workspaces/libnpmpublish

Source: security-advisories@github.com

ProductThird Party Advisory

https://github.com/npm/npm-packlist

Source: security-advisories@github.com

ProductThird Party Advisory

https://security.netapp.com/advisory/ntap-20220722-0007/

Source: security-advisories@github.com

Third Party Advisory

https://github.com/nodejs/node/pull/43210

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/nodejs/node/releases/tag/v16.15.1

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/nodejs/node/releases/tag/v17.9.1

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/nodejs/node/releases/tag/v18.3.0

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/npm/cli/releases/tag/v8.11.0

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/npm/cli/security/advisories/GHSA-hj9c-8jmm-8c52

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/npm/cli/tree/latest/workspaces/libnpmpack

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

https://github.com/npm/cli/tree/latest/workspaces/libnpmpublish

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

https://github.com/npm/npm-packlist

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

https://security.netapp.com/advisory/ntap-20220722-0007/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.