npm

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	A package manager for javascript
Version	8.1.3-1 [community]

Open

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2554	8.1.3-1		Medium	Vulnerable

Issue	Group	Severity	Remote	Type	Description
CVE-2021-43616	AVG-2554	Medium	Yes	Insufficient validation	The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from...

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1082	6.12.1-1	6.13.4-1	Medium	Fixed
AVG-626	5.7.0-1	5.7.1-1	High	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2019-16777	AVG-1082	Medium	Yes	Arbitrary file overwrite	Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be...
CVE-2019-16776	AVG-1082	Medium	Yes	Arbitrary file overwrite	Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended...
CVE-2019-16775	AVG-1082	Medium	Yes	Arbitrary file overwrite	Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the...
CVE-2018-7408	AVG-626	High	No	Access restriction bypass	An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm"...