AVG-1082 log
Package | npm |
Status | Fixed |
Severity | Medium |
Type | arbitrary file overwrite |
Affected | 6.12.1-1 |
Fixed | 6.13.4-1 |
Current | 10.9.0-1 [extra] |
Ticket | None |
Created | Fri Dec 20 10:06:05 2019 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2019-16777 | Medium | Yes | Arbitrary file overwrite | Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be... |
CVE-2019-16776 | Medium | Yes | Arbitrary file overwrite | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended... |
CVE-2019-16775 | Medium | Yes | Arbitrary file overwrite | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the... |