6 matches found
EUVD-2019-0674
Malware in sbrugna...
CVE-2019-5484
Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted...
6pm (=0.1.0), @absolunet/nwayo-cli (>=1.0.0 <=3.6.1) +1378 more potentially affected by CVE-2019-5484 via bower (>=0.10.0 <=1.8.4)
bower NPM version =0.10.0, =1.0.0, =3.3.0, =0.1.20, =0.16.9, =0.0.4, =0.102.0, =2.0.0-beta.1, =0.0.1, =1.0.4, =1.0.2, =0.1.16, =1.0.0-alpha.0, =1.0.0-alpha.0, =1.0.0, =1.2.3 and more Source cves: CVE-2019-5484 Source advisory: OSV:GHSA-P6MR-PXG4-68HX...
CVE-2019-5484
Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: bower offers a generic, unopinionated solution to the problem of front-end package management. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). Attackers can write arbitrary files when a malicious archive is extracted. Details: It i...
6pm (=0.1.0), @absolunet/nwayo-cli (>=1.0.0 <=3.6.1) +1332 more potentially affected by CVE-2019-5484 via bower (>=1.1.2 <=1.8.4)
bower NPM version =1.1.2, =1.0.0, =3.3.0, =0.1.20, =0.16.9, =0.0.4, =0.102.0, =2.0.0-beta.1, =0.0.1, =1.0.4, =1.0.2, =0.1.16, =1.0.0-alpha.0, =1.0.0-alpha.0, =1.0.0, =1.2.3 and more Source cves: CVE-2019-5484 Source advisory: SNYK:JS-BOWER-73627...