CVE-2025-4759
HIGHDescription
Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by extending the package name allowing an attacker to install other npm packages than the intended one.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| lirantal | lockfile-lint-api |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-4759? +
How severe is CVE-2025-4759? +
What products are affected by CVE-2025-4759? +
How do I check if I'm vulnerable to CVE-2025-4759? +
Related Vulnerabilities
The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base …
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate …
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. A local attacker could exploit this …