npm

Description: A package manager for javascript
Version: 6.13.6-1 [community]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1082 | 6.12.1-1 | 6.13.4-1 | Medium | Fixed | |
| AVG-626 | 5.7.0-1 | 5.7.1-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-16777 | AVG-1082 | Medium | Yes | Arbitrary file overwrite | Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be... |
| CVE-2019-16776 | AVG-1082 | Medium | Yes | Arbitrary file overwrite | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended... |
| CVE-2019-16775 | AVG-1082 | Medium | Yes | Arbitrary file overwrite | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the... |
| CVE-2018-7408 | AVG-626 | High | No | Access restriction bypass | An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm"... |