36 matches found
CVE-2026-24131 pnpm has Path Traversal via arbitrary file permission modification
pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory,...
Directory Traversal
Overview @pnpm/package-bins is a that returns bins of a package. Affected versions of this package are vulnerable to Directory Traversal via the getBinsFromPackageManifest function. An attacker can modify file permissions outside the intended directory by supplying a crafted value in the...
MiracleLinux 7 : rh-nodejs12-nodejs-12.16.1-1.el7 (AXSA:2020-4480:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4480:02 advisory. nodejs: HTTP request smuggling using malformed Transfer-Encoding header CVE-2019-15605 nodejs: Remotely trigger an assertion on a TLS server with a...
MiracleLinux 7 : rh-nodejs8-nodejs-8.17.0-2.el7 (AXSA:2020-200:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-200:01 advisory. nodejs-brace-expansion: Regular expression denial of service CVE-2017-18077 nodejs-chownr: TOCTOU vulnerability in chownr function in chownr.js...
EUVD-2019-0805
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-16775
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of...
Linux Distros Unpatched Vulnerability : CVE-2019-16776
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules...
SUSE CVE-2019-16776
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...
SUSE CVE-2019-16775
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...
Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager HA
Summary There is vulnerability in npm which affects IBM VM Recovery Manager HA Vulnerability Details CVEID: CVE-2019-16775 DESCRIPTION: npm CLI could allow a local attacker to bypass security restrictions, caused by an arbitrary file overwrite vulnerability. An attacker could exploit this...
npm: Symlink reference outside of node_modules folder through the bin field upon installation
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...
npm: Arbitrary file write via constructed entry in the package.json bin field
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...
CVE-2019-16775
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...
npm: Symlink reference outside of node_modules folder through the bin field upon installation
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...
npm: Arbitrary file write via constructed entry in the package.json bin field
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...
npm: Symlink reference outside of node_modules folder through the bin field upon installation
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...
npm: Arbitrary file write via constructed entry in the package.json bin field
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...
npm: Arbitrary file write via constructed entry in the package.json bin field
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...
npm: Symlink reference outside of node_modules folder through the bin field upon installation
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...
npm: Arbitrary file write via constructed entry in the package.json bin field
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...