exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2018-7408

почти 8 лет назад

An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a "correctMkdir" issue.

CVSS3: 7.8

EPSS: Низкий

CVE-2018-7408

почти 8 лет назад

An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a "correctMkdir" issue.

CVSS3: 7.8

EPSS: Низкий

CVE-2018-7408

почти 8 лет назад

An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked ...

CVSS3: 7.8

EPSS: Низкий

GHSA-ph34-pc88-72gc

больше 3 лет назад

Incorrect Permission Assignment for Critical Resource in NPM

CVSS3: 7.8

EPSS: Низкий

BDU:2024-01409

почти 8 лет назад

Уязвимость компонента correctMkdir пакетного менеджера npm, позволяющая нарушителю обойти существующие ограничения безопасности

CVSS3: 7.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2018-7408 An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a "correctMkdir" issue.	CVSS3: 7.8	0% Низкий	почти 8 лет назад
CVE-2018-7408 An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a "correctMkdir" issue.	CVSS3: 7.8	0% Низкий	почти 8 лет назад
CVE-2018-7408 An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked ...	CVSS3: 7.8	0% Низкий	почти 8 лет назад
GHSA-ph34-pc88-72gc Incorrect Permission Assignment for Critical Resource in NPM	CVSS3: 7.8	0% Низкий	больше 3 лет назад
BDU:2024-01409 Уязвимость компонента correctMkdir пакетного менеджера npm, позволяющая нарушителю обойти существующие ограничения безопасности	CVSS3: 7.8	0% Низкий	почти 8 лет назад

Уязвимостей на страницу