Security Advisory

CVE-2025-4759

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-16 05:00:04

Last updated 2025-05-16 17:39:24

Assigner snyk

State PUBLISHED

Description

Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by extending the package name allowing an attacker to install other npm packages than the intended one.

← Browse all CVEs View on cve.org ↗