Lucene search

CVE-2019-16775

🗓️ 13 Dec 2019 01:10:15Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 231 Views

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 82
NVD	CVE-2019-16775	13 Dec 201901:15	–	nvd
OSV	CGA-688W-X2H8-88QQ	31 Mar 202516:02	–	osv
OSV	CGA-VW3X-PF52-29HF	25 Sep 202405:35	–	osv
OSV	CVE-2019-16775	13 Dec 201901:15	–	osv
OSV	CGA-R7X8-7XC9-5M6P	25 Sep 202405:33	–	osv
OSV	CGA-9C47-RQW6-G736	25 Sep 202405:18	–	osv
OSV	GHSA-M6CX-G6QM-P2CX Arbitrary File Write in npm	13 Dec 201915:39	–	osv
OSV	UBUNTU-CVE-2019-16775	13 Dec 201901:15	–	osv
OSV	CGA-2JRR-WFJP-8XH7	31 Mar 202516:00	–	osv
OSV	CGA-8W94-PP46-7QVQ	25 Sep 202405:18	–	osv

Nvd

Vulners

Node

redhat enterprise_linuxMatch8.0

redhat enterprise_linux_eusMatch8.1

Node

npmjs npmRange<6.13.3

Node

opensuse leapMatch15.1

Node

oracle graalvmMatch19.3.0.2enterprise

oracle graalvmMatch20.3.3enterprise

oracle graalvmMatch21.2.2enterprise

Node

fedoraproject fedoraMatch31

[
  {
    "product": "cli",
    "vendor": "npm",
    "versions": [
      {
        "lessThan": "6.13.3",
        "status": "affected",
        "version": "< 6.13.3",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx
lists	www.lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
oracle	www.oracle.com/security-alerts/cpujan2020.html
access	www.access.redhat.com/errata/RHSA-2020:0602
access	www.access.redhat.com/errata/RHEA-2020:0330
oracle	www.oracle.com/security-alerts/cpuoct2021.html
access	www.access.redhat.com/errata/RHSA-2020:0573
access	www.access.redhat.com/errata/RHSA-2020:0579
blog	www.blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
access	www.access.redhat.com/errata/RHSA-2020:0597

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 Dec 2019 01:15Current

7High risk

Vulners AI Score7

CVSS24

CVSS36.5 - 7.7

EPSS0.003