Lucene search

[email protected]NVD:CVE-2013-4116

HistoryApr 22, 2014 - 2:23 p.m.

CVE-2013-4116

2014-04-2214:23:34

CWE-59

[email protected]

web.nvd.nist.gov

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

Percentile

5.1%

JSON

lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

Affected configurations

Nvd

Node

node_packaged_modules_projectnode_packaged_modulesRange<1.3.3node.js

References

www.openwall.com/lists/oss-security/2013/07/10/17

www.openwall.com/lists/oss-security/2013/07/11/9

www.securityfocus.com/bid/61083

bugs.debian.org/cgi-bin/bugreport.cgi?bug=715325

bugzilla.redhat.com/show_bug.cgi?id=983917

exchange.xforce.ibmcloud.com/vulnerabilities/87141

github.com/npm/npm/commit/f4d31693

github.com/npm/npm/issues/3635

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2013-4116

openvas118 fedora59 nessus2 prion1 ubuntucve1 osv1 debiancve1 cvelist1 nodejs1 github1 cve1