Количество 14
Количество 14
GHSA-m6cx-g6qm-p2cx
Arbitrary File Write in npm
CVE-2019-16775
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
CVE-2019-16775
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
CVE-2019-16775
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
CVE-2019-16775
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary ...
BDU:2019-04691
Уязвимость набора инструментов командной строки пакетных менеджеров NPM и Yarn, позволяющая нарушителю записывать произвольные файлы
openSUSE-SU-2020:0059-1
Security update for nodejs8
SUSE-SU-2020:0247-1
Security update for nodejs6
SUSE-SU-2020:0104-1
Security update for nodejs10
SUSE-SU-2020:0063-1
Security update for nodejs10
SUSE-SU-2020:0043-1
Security update for nodejs8
SUSE-SU-2020:0429-1
Security update for nodejs12
RLSA-2020:0579
Important: nodejs:10 security update
ELSA-2020-0579
ELSA-2020-0579: nodejs:10 security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-m6cx-g6qm-p2cx Arbitrary File Write in npm | CVSS3: 7.7 | 0% Низкий | почти 6 лет назад |
 | CVE-2019-16775 Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | CVSS3: 7.7 | 0% Низкий | почти 6 лет назад |
 | CVE-2019-16775 Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | CVSS3: 4.8 | 0% Низкий | почти 6 лет назад |
 | CVE-2019-16775 Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | CVSS3: 7.7 | 0% Низкий | почти 6 лет назад |
| CVE-2019-16775 Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary ... | CVSS3: 7.7 | 0% Низкий | почти 6 лет назад |
 | BDU:2019-04691 Уязвимость набора инструментов командной строки пакетных менеджеров NPM и Yarn, позволяющая нарушителю записывать произвольные файлы | CVSS3: 7.7 | 0% Низкий | почти 6 лет назад |
 | openSUSE-SU-2020:0059-1 Security update for nodejs8 | почти 6 лет назад | ||
| SUSE-SU-2020:0247-1 Security update for nodejs6 | почти 6 лет назад | ||
| SUSE-SU-2020:0104-1 Security update for nodejs10 | почти 6 лет назад | ||
| SUSE-SU-2020:0063-1 Security update for nodejs10 | почти 6 лет назад | ||
| SUSE-SU-2020:0043-1 Security update for nodejs8 | почти 6 лет назад | ||
| SUSE-SU-2020:0429-1 Security update for nodejs12 | больше 5 лет назад | ||
 | RLSA-2020:0579 Important: nodejs:10 security update | больше 5 лет назад | ||
| ELSA-2020-0579 ELSA-2020-0579: nodejs:10 security update (IMPORTANT) | больше 5 лет назад |
Уязвимостей на страницу