AVG-1082 log

Package npm
Status Fixed
Severity Medium
Type arbitrary file overwrite
Affected 6.12.1-1
Fixed 6.13.4-1
Current 6.13.6-1 [community]
Ticket None
Created Fri Dec 20 10:06:05 2019
Issue Severity Remote Type Description
CVE-2019-16777 Medium Yes Arbitrary file overwrite
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be...
CVE-2019-16776 Medium Yes Arbitrary file overwrite
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended...
CVE-2019-16775 Medium Yes Arbitrary file overwrite
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the...