CVE-2019-16776

🗓️ 13 Dec 2019 01:10:15Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 199 Views

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 82
Cvelist	CVE-2019-16776 Unauthorized File Access in npm CLI before before version 6.13.3	13 Dec 201900:55	–	cvelist
UbuntuCve	CVE-2019-16776	13 Dec 201900:00	–	ubuntucve
Prion	Code injection	13 Dec 201901:15	–	prion
Veracode	Arbitrary File Overwrite	12 Dec 201903:16	–	veracode
OSV	CGA-7R52-GVRC-C3PV	25 Sep 202405:16	–	osv
OSV	CGA-M78G-5RXQ-8J78	25 Sep 202405:28	–	osv
OSV	CGA-J7G7-G38X-VWR4	31 Mar 202516:05	–	osv
OSV	CGA-XJXM-8PP6-CV4V	31 Mar 202516:02	–	osv
OSV	UBUNTU-CVE-2019-16776	13 Dec 201901:15	–	osv
OSV	CGA-HMQ4-GM5H-HPVW	25 Sep 202405:25	–	osv

Nvd

Vulners

Node

npmjs npmRange<6.13.3

Node

opensuse leapMatch15.1

Node

oracle graalvmMatch19.3.0.2enterprise

Node

fedoraproject fedoraMatch31

Node

redhat enterprise_linuxMatch8.0

redhat enterprise_linux_eusMatch8.1

[
  {
    "product": "cli",
    "vendor": "npm",
    "versions": [
      {
        "lessThan": "6.13.3",
        "status": "affected",
        "version": "< 6.13.3",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2020:0573
access	www.access.redhat.com/errata/RHSA-2020:0602
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
access	www.access.redhat.com/errata/RHSA-2020:0597
lists	www.lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
github	www.github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46
blog	www.blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
oracle	www.oracle.com/security-alerts/cpujan2020.html
access	www.access.redhat.com/errata/RHSA-2020:0579
access	www.access.redhat.com/errata/RHEA-2020:0330

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 Dec 2019 01:15Current

7.4High risk

Vulners AI Score7.4

CVSS25.5

CVSS37.7 - 8.1

EPSS0.00403

CWE-22