CNNVD-202601-4441 Information

CNNVD ID

CNNVD-202601-4441

CVE-2026-24910

  • CNNVD Published: 2026-01-27

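Description (translated from Chinese)

Bun is an all-in-one toolkit for JavaScript and TypeScript applications, open-sourced by Bun. Versions of Bun prior to 1.3.5 contain a security vulnerability, which arises because the default trusted dependencies list can be spoofed by a non-npm package with a matching name.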

Description (English)

Bun is an open-source, all-in-one toolkit for JavaScript and TypeScript applications. Bun versions before 1.3.5 have a security vulnerability: the default trusted dependencies list can be spoofed by a non-npm package whose name matches an entry on that list.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Bun

Published

2026-01-27

Last Modified

2026-02-24

References

  • https://bun.com/blog/bun-v1.3.5
  • https://www.koi.ai/blog/packagegate-6-zero-days-in-js-package-managers-but-npm-wont-act
  • https://www.scworld.com/news/six-javascript-zero-day-bugs-lead-to-fears-of-supply-chain-attack

Patch

https://github.com/oven-sh/bun/releases
