
GHSA-gqf6-75v8-vr26

Published: 04 Sep 2020
Source: github
Github: Reviewed

Description

Arbitrary File Write in bin-links

Versions of bin-links prior to 1.1.5 are vulnerable to an Arbitrary File Write. The package fails to restrict access to folders outside of the intended node_modules folder through the bin field. This allows attackers to create arbitrary files on the system. Note that it is not possible to overwrite files that already exist.

Recommendation

Upgrade to version 1.1.5 or later.
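
The escape through the bin field described above can also be checked for in a manifest before install. The following is an added example, not code from bin-links or from the advisory; the function names, the finding labels and the directory layout passed in are assumptions, and it checks both the command name and the target because the advisory does not say which part of the bin field is abused.

```javascript
// Added example, not bin-links code. Lexical check only: it follows no
// symlinks and touches no files. Paths are POSIX-style.
// Resolve `rel` against absolute `base`; "/" and "\" both count as separators.
function resolveLexical(base, rel) {
  const s = String(rel);
  // An absolute `rel` discards the base, as path.resolve would.
  const out = /^[\\\/]/.test(s) ? [] : base.split('/').filter(Boolean);
  for (const part of s.split(/[\\\/]+/)) {
    if (part === '' || part === '.') continue;
    if (part === '..') out.pop();
    else out.push(part);
  }
  return '/' + out.join('/');
}

// True when `child` lies strictly inside directory `dir`.
function isInside(dir, child) {
  const prefix = dir.endsWith('/') ? dir : dir + '/';
  return child.startsWith(prefix) && child.length > prefix.length;
}

// Report `bin` entries whose link location or target leaves its directory.
// pkgDir and binDir are assumed install locations supplied by the caller.
function auditBinField(pkg, pkgDir, binDir) {
  let bin = pkg.bin || {};
  // String shorthand: the command takes the package name.
  if (typeof bin === 'string') bin = { [pkg.name]: bin };
  const findings = [];
  for (const [name, target] of Object.entries(bin)) {
    const link = resolveLexical(binDir, name);
    const file = resolveLexical(pkgDir, target);
    if (!isInside(binDir, link)) {
      findings.push({ name, issue: 'link-escapes-bin-dir', path: link });
    }
    if (!isInside(pkgDir, file)) {
      findings.push({ name, issue: 'target-escapes-package', path: file });
    }
  }
  return findings;
}

// Constructed sample manifest (not taken from any real package).
const samplePkg = {
  name: 'example-pkg',
  bin: { 'ok-cmd': './cli.js', '../../../escaped-cmd': './cli.js', other: '../../outside.js' },
};
const sampleFindings = auditBinField(
  samplePkg, '/proj/node_modules/example-pkg', '/proj/node_modules/.bin');
console.log(sampleFindings);
```

A clean result from this check does not replace the upgrade to 1.1.5 or later.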

Packages

Name: bin-links (npm)
Affected versions: < 1.1.5
Fixed version: 1.1.5