Lucene search

CVE-2019-5484

🗓️ 13 Sep 2019 18:11:15Reported by Alpine Linux Development TeamType

alpinelinux🔗 security.alpinelinux.org👁 18 Views

Bower 1.8.8 path traversal vulnerability allows arbitrary file write via install comman

Reporter	Title	Published	Views	Family All 13
Github Security Blog	Symlink Arbitrary File Overwrite in bower	17 Sep 201923:21	–	github
Prion	Path traversal	13 Sep 201918:15	–	prion
Cvelist	CVE-2019-5484	13 Sep 201917:30	–	cvelist
Hacker One	Node.js third-party modules: [bower] Arbitrary File Write through improper validation of symlinks while package extraction	1 Jan 201917:17	–	hackerone
Hacker One	Internet Bug Bounty: [bower] Arbitrary File Write through improper validation of symlinks while package extraction	7 Feb 201916:09	–	hackerone
OSV	CVE-2019-5484	13 Sep 201918:15	–	osv
OSV	Symlink Arbitrary File Overwrite in bower	17 Sep 201923:21	–	osv
Veracode	Arbitrary File Write	25 Jan 201901:35	–	veracode
IBM Security Bulletins	Security Bulletin: Vulnerability in Node.js affects IBM Process Mining (CVE-2019-5484)	1 Feb 202321:52	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform	17 Feb 202315:44	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Alpine	3.15-community	noarch	bower	0.13-r0	UNKNOWN
Alpine	3.16-community	noarch	bower	0.13-r1	UNKNOWN
Alpine	3.17-community	noarch	bower	1.0-r0	UNKNOWN
Alpine	3.18-community	noarch	bower	1.0-r1	UNKNOWN
Alpine	3.19-community	noarch	bower	1.0-r2	UNKNOWN
Alpine	3.20-community	noarch	bower	1.0-r2	UNKNOWN
Alpine	edge-community	noarch	bower	1.1-r0	UNKNOWN

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 Sep 2019 18:15Current

5.5Medium risk

Vulners AI Score5.5

CVSS25

CVSS37.5

EPSS0.00766