Lucene search
Jérémy LalNODEJS:152HistoryOct 27, 2016 - 4:08 p.m.
Local Privilege Escalation
2016-10-2716:08:31
Jérémy Lal
www.npmjs.com
24
EPSS
0
Percentile
5.1%
Overview
Affected versions of npm use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the npm process has permission to write to, potentially resulting in local privilege escalation.
Recommendation
Update to version 1.3.3 or later.
References
Related
openvas
openvas
Fedora Update for nodejs-vows FEDORA-2013-11780
2013-08-01 00:00:00
Fedora Update for nodejs-sha FEDORA-2013-12908
2013-08-20 00:00:00
Fedora Update for nodejs-normalize-package-data FEDORA-2013-11780
2013-08-01 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: nodejs-inherits-2.0.0-3.fc18
2013-07-23 01:02:25
[SECURITY] Fedora 18 Update: npm-1.3.3-1.fc18
2013-07-23 01:02:25
[SECURITY] Fedora 19 Update: npm-1.3.3-1.fc19
2013-07-23 01:04:54
nvd
nvd
CVE-2013-4116
2014-04-22 14:23:34
nessus
nessus
prion
prion
Code injection
2014-04-22 14:23:00
ubuntucve
ubuntucve
CVE-2013-4116
2014-04-22 00:00:00
osv
osv
Local Privilege Escalation in npm
2020-09-01 16:03:34
debiancve
debiancve
CVE-2013-4116
2014-04-22 14:23:34
cvelist
cvelist
CVE-2013-4116
2014-04-22 14:00:00
github
github
Local Privilege Escalation in npm
2020-09-01 16:03:34
cve
cve
CVE-2013-4116
2014-04-22 14:23:34