{"uuid": "c7bd653d-4850-4abd-890b-7a49dbb6145e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37478", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5562", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-37478 showcases how a difference in npm and pnpm install packages that could be exploited by a well crafted tar.gz packge. This repo shows a demo. \nURL\uff1ahttps://github.com/TrevorGKann/CVE-2023-37478_npm_vs_pnpm\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-10-25T22:39:55.000000Z"}