Vulnerabilidades en Bun

1 resultado

CVE-2026-24910MEDIUMIn Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matchEPSS 0.1%