Описание
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 3.5.2-0ubuntu4 |
| devel | not-affected | 3.5.2-0ubuntu4 |
| esm-apps/bionic | not-affected | 3.5.2-0ubuntu4 |
| esm-apps/xenial | not-affected | 3.5.2-0ubuntu4 |
| esm-infra-legacy/trusty | not-affected | 1.3.10~dfsg-1 |
| lucid | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needs-triage |
| quantal | ignored | end of life |
Показывать по
3.3 Low
CVSS2
Связанные уязвимости
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local us ...
3.3 Low
CVSS2