
ISC StormCast for Friday, October 14th, 2022
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
CPIO and NPM Packages - What's the Problem?
The vulnerability is rated with a CVSS score of 10 and it was assigned the CVE number CVE-2022-36067. If you're not authenticated in order to really see the package, you may still be able to deduce whether or not the package exists by checking how long it takes for the error message to come back. In tests that Aqua did, the difference was sort of around 600 milliseconds if the package does not exist and 100 milliseconds if it does exist.