AVG-1082 log
| Package | npm |
| Status | Fixed |
| Severity | Medium |
| Type | arbitrary file overwrite |
| Affected | 6.12.1-1 |
| Fixed | 6.13.4-1 |
| Current | 11.6.4-1 [extra] |
| Ticket | None |
| Created | Fri Dec 20 10:06:05 2019 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2019-16777 | Medium | Yes | Arbitrary file overwrite | Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be... |
| CVE-2019-16776 | Medium | Yes | Arbitrary file overwrite | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended... |
| CVE-2019-16775 | Medium | Yes | Arbitrary file overwrite | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the... |