Количество 14
Количество 14
GHSA-x8qc-rrcw-4r46
npm symlink reference outside of node_modules
CVE-2019-16776
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
CVE-2019-16776
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
CVE-2019-16776
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
CVE-2019-16776
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary ...
BDU:2019-04690
Уязвимость набора инструментов командной строки пакетных менеджеров NPM и Yarn, позволяющая нарушителю записывать произвольные файлы
openSUSE-SU-2020:0059-1
Security update for nodejs8
SUSE-SU-2020:0247-1
Security update for nodejs6
SUSE-SU-2020:0104-1
Security update for nodejs10
SUSE-SU-2020:0063-1
Security update for nodejs10
SUSE-SU-2020:0043-1
Security update for nodejs8
SUSE-SU-2020:0429-1
Security update for nodejs12
RLSA-2020:0579
Important: nodejs:10 security update
ELSA-2020-0579
ELSA-2020-0579: nodejs:10 security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-x8qc-rrcw-4r46 npm symlink reference outside of node_modules | CVSS3: 7.7 | 0% Низкий | больше 5 лет назад |
 | CVE-2019-16776 Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | CVSS3: 7.7 | 0% Низкий | больше 5 лет назад |
 | CVE-2019-16776 Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | CVSS3: 4.8 | 0% Низкий | больше 5 лет назад |
 | CVE-2019-16776 Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | CVSS3: 7.7 | 0% Низкий | больше 5 лет назад |
| CVE-2019-16776 Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary ... | CVSS3: 7.7 | 0% Низкий | больше 5 лет назад |
 | BDU:2019-04690 Уязвимость набора инструментов командной строки пакетных менеджеров NPM и Yarn, позволяющая нарушителю записывать произвольные файлы | CVSS3: 7.7 | 0% Низкий | больше 5 лет назад |
 | openSUSE-SU-2020:0059-1 Security update for nodejs8 | больше 5 лет назад | ||
| SUSE-SU-2020:0247-1 Security update for nodejs6 | больше 5 лет назад | ||
| SUSE-SU-2020:0104-1 Security update for nodejs10 | больше 5 лет назад | ||
| SUSE-SU-2020:0063-1 Security update for nodejs10 | больше 5 лет назад | ||
| SUSE-SU-2020:0043-1 Security update for nodejs8 | больше 5 лет назад | ||
| SUSE-SU-2020:0429-1 Security update for nodejs12 | больше 5 лет назад | ||
 | RLSA-2020:0579 Important: nodejs:10 security update | больше 5 лет назад | ||
| ELSA-2020-0579 ELSA-2020-0579: nodejs:10 security update (IMPORTANT) | больше 5 лет назад |
Уязвимостей на страницу