Количество 14
Количество 14
GHSA-4328-8hgf-7wjr
npm Vulnerable to Global node_modules Binary Overwrite
CVE-2019-16777
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
CVE-2019-16777
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
CVE-2019-16777
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
CVE-2019-16777
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary ...
BDU:2019-04689
Уязвимость набора инструментов командной строки пакетных менеджеров NPM и Yarn, позволяющая нарушителю перезаписать произвольные файлы в контексте целевого каталога
openSUSE-SU-2020:0059-1
Security update for nodejs8
SUSE-SU-2020:0247-1
Security update for nodejs6
SUSE-SU-2020:0104-1
Security update for nodejs10
SUSE-SU-2020:0063-1
Security update for nodejs10
SUSE-SU-2020:0043-1
Security update for nodejs8
SUSE-SU-2020:0429-1
Security update for nodejs12
RLSA-2020:0579
Important: nodejs:10 security update
ELSA-2020-0579
ELSA-2020-0579: nodejs:10 security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-4328-8hgf-7wjr npm Vulnerable to Global node_modules Binary Overwrite | CVSS3: 7.7 | 0% Низкий | больше 5 лет назад |
 | CVE-2019-16777 Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | CVSS3: 7.7 | 0% Низкий | больше 5 лет назад |
 | CVE-2019-16777 Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | CVSS3: 4.8 | 0% Низкий | больше 5 лет назад |
 | CVE-2019-16777 Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | CVSS3: 7.7 | 0% Низкий | больше 5 лет назад |
| CVE-2019-16777 Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary ... | CVSS3: 7.7 | 0% Низкий | больше 5 лет назад |
 | BDU:2019-04689 Уязвимость набора инструментов командной строки пакетных менеджеров NPM и Yarn, позволяющая нарушителю перезаписать произвольные файлы в контексте целевого каталога | CVSS3: 7.7 | 0% Низкий | больше 5 лет назад |
 | openSUSE-SU-2020:0059-1 Security update for nodejs8 | больше 5 лет назад | ||
| SUSE-SU-2020:0247-1 Security update for nodejs6 | больше 5 лет назад | ||
| SUSE-SU-2020:0104-1 Security update for nodejs10 | больше 5 лет назад | ||
| SUSE-SU-2020:0063-1 Security update for nodejs10 | больше 5 лет назад | ||
| SUSE-SU-2020:0043-1 Security update for nodejs8 | больше 5 лет назад | ||
| SUSE-SU-2020:0429-1 Security update for nodejs12 | больше 5 лет назад | ||
 | RLSA-2020:0579 Important: nodejs:10 security update | больше 5 лет назад | ||
| ELSA-2020-0579 ELSA-2020-0579: nodejs:10 security update (IMPORTANT) | больше 5 лет назад |
Уязвимостей на страницу