Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-37478 PoC — pnpm 访问控制错误漏洞

Source
https://github.com/li-minhao/CVE-2023-37478-Demo
Associated Vulnerability
Title:pnpm 访问控制错误漏洞 (CVE-2023-37478)
Description:Github PNPM是快速、节省磁盘空间的包管理器。 pnpm 7.33.4 之前版本和 8.6.8之前版本存在访问控制错误漏洞,该漏洞源于在 npm 注册表上或通过 npm 安装时显示为安全的包在通过 pnpm 安装时被受损或恶意版本替换。
Readme
CVE-2023-37478-Demo
File Snapshot

 [4.0K]  /data/pocs/32cbdc5de2fe413d90729849c3d9426120949725
├── [ 975]  package.json
├── [ 54M]  pnpm-macos-arm64
├── [4.0K]  public
│   └── [1.7K]  index.html
├── [  19]  README.md
├── [4.0K]  src
│   ├── [4.0K]  components
│   │   ├── [ 283]  Board.js
│   │   ├── [1.7K]  Game.js
│   │   └── [ 259]  Square.js
│   ├── [ 409]  helper.js
│   ├── [1.0K]  index.css
│   └── [ 188]  index.js
└── [4.0K]  ttt-utils
    ├── [4.0K]  bad_version
    │   ├── [ 514]  index.js
    │   └── [ 206]  package.json
    ├── [4.0K]  good_version
    │   ├── [ 488]  index.js
    │   └── [ 209]  package.json
    └── [ 635]  ttt-utils.tgz

6 directories, 15 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.