Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

@npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following

๐Ÿ—“๏ธย 31 Aug 2021ย 16:03:04Reported byย GitHub Advisory DatabaseTypeย 
github
ย github๐Ÿ”—ย github.com๐Ÿ‘ย 36ย Views

@npmcli/arborist Vulnerable to UNIX Symbolic Link (Symlink) Following, Arbitrary File Creation, Overwrite, Code Execution

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
Detection
Refs
ReporterTitlePublishedViews
Family
AlpineLinux		CVE-2021-39134
31 Aug 202117:15
โ€“alpinelinux
Cvelist		CVE-2021-39134 UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
31 Aug 202116:55
โ€“cvelist
IBM Security Bulletins		Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Node.js (CVE-2021-39134)
22 Apr 202219:38
โ€“ibm
IBM Security Bulletins		Security Bulletin: IBM App Connect Enterprise Certified Container Integration Servers may be vulnerable to a symlink attack due to CVE-2021-39134
7 Oct 202110:29
โ€“ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities affect IBM Rationalยฎ Application Developer for WebSphereยฎ Software - September 2021
16 Nov 202119:47
โ€“ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i
12 Dec 202119:49
โ€“ibm
IBM Security Bulletins		Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Node.js
29 Oct 202121:37
โ€“ibm
IBM Security Bulletins		Security Bulletin: IBM Security Verify Governance is vulnerable to multiple security issues due to Node.js
22 Aug 202215:20
โ€“ibm
IBM Security Bulletins		Security Bulletin: High severity vulnerabilities in libraries used by IBM Spectrum Discover (libraries of libraries)
27 Apr 202222:57
โ€“ibm
OSV		CVE-2021-39134
31 Aug 202117:15
โ€“osv
Rows per page
Vulners
Node
npmcliarboristRange<2.8.2

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
31 Aug 2021 16:04Current
7High risk
Vulners AI Score7
CVSS24.4
CVSS37.8 - 8.2
EPSS0.01359
CWE-59CWE-61CWE-178
npmcliarboristvulnerabilitysymbolic linkarbitrary file creationoverwritecode executionnpmdependencyfile systemspatchesfixcaveatpackage-lockupdate
36
.json
Report