7994 matches found

Cvelist
added 2019/12/13 12:55 a.m. · 31 views

CVE-2019-16776 Unauthorized File Access in npm CLI before version 6.13.3

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

7.7 CVSS · 7.9 AI score · 0.03342 EPSS
Exploits 0 · References 10
CVE
added 2019/12/13 12:55 a.m. · 246 views

CVE-2019-16776

CVE-2019-16776 affects the npm CLI prior to 6.13.3 and arises from improper handling of the bin field. A crafted bin entry can cause arbitrary file writes outside the intended node_modules folder, enabling a publisher to modify or access arbitrary files on a user’s system during installation; exp...

8.1 CVSS · 7.4 AI score · 0.03342 EPSS
Exploits 0 · References 10 · Affected Software 1
Debian CVE
added 2019/12/13 12:55 a.m. · 26 views

CVE-2019-16776

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

8.1 CVSS · 7.9 AI score · 0.03342 EPSS
Exploits 0
Cvelist
added 2019/12/13 12:55 a.m. · 21 views

CVE-2019-16775 Unauthorized File Access in npm CLI before version 6.13.3

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

7.7 CVSS · 7.7 AI score · 0.03266 EPSS
Exploits 0 · References 11
CVE
added 2019/12/13 12:55 a.m. · 283 views

CVE-2019-16775

CVE-2019-16775 concerns the npm CLI prior to version 6.13.3. The vulnerability allows a package publisher to create symlinks to arbitrary files outside the node_modules folder via the package.json bin field during installation, and the behavior can also occur through install scripts. This could e...

7.7 CVSS · 7 AI score · 0.03266 EPSS
Exploits 0 · References 11 · Affected Software 2
Debian CVE
added 2019/12/13 12:55 a.m. · 24 views

CVE-2019-16775

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

7.7 CVSS · 7.2 AI score · 0.03266 EPSS
Exploits 0
CNVD
added 2019/12/13 12:0 a.m. · 1 views

npm CLI path traversal vulnerability

The npm CLI is a package manager. A path traversal vulnerability exists in npm CLI versions prior to 6.13.3. The vulnerability stems from a failure of a networked system or product to properly filter for special elements in a resource or file path. An attacker could use this vulnerability to acce...

8.1 CVSS · 9.5 AI score · 0.03342 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2019/12/13 12:0 a.m. · 48 views

Cisco IOS XE Software Privileged EXEC Mode Root Shell Access (cisco-sa-20180926-privesc)

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the CLI parser due to the affected software improperly sanitizing command arguments to prevent modifications to the underlying Linux file system on a device. An authenticated, local attacker who has...

7.2 CVSS · 7.1 AI score · 0.0039 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2019/12/13 12:0 a.m. · 55 views

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1613)

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in the CLI of Cisco NX-OS Software that could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to...

6.7 CVSS · 5.8 AI score · 0.00459 EPSS
Exploits 0 · References 7
Tenable Nessus
added 2019/12/13 12:0 a.m. · 51 views

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1610)

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in the CLI of Cisco NX-OS Software that could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to...

7.2 CVSS · 5.8 AI score · 0.00463 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2019/12/13 12:0 a.m. · 34 views

Cisco IOS XE Software CLI Command Injection Multiple Vulnerabilities (cisco-sa-20180328-cmdinj)

According to its self-reported version, Cisco IOS XE Software is affected by multiple vulnerabilities in the CLI parser because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An authenticated, local attacker can...

7.8 CVSS · 7.5 AI score · 0.006 EPSS
Exploits 0 · References 9
Node.js
added 2019/12/11 9:15 p.m. · 14 views

Global node_modules Binary Overwrite

Overview: Versions of the npm CLI prior to 6.13.4 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any...

6.5 AI score
Exploits 0 · Affected Software 1
Node.js
added 2019/12/11 8:56 p.m. · 18 views

Symlink reference outside of node_modules

Overview: Versions of the npm CLI prior to 6.13.3 are vulnerable to a symlink reference outside of node_modules. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin fie...

6.9 AI score
Exploits 0 · Affected Software 1
Node.js
added 2019/12/11 8:44 p.m. · 14 views

Arbitrary File Write

Overview: Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to create...

6.8 AI score
Exploits 0 · Affected Software 1
vulnersOsv
added 2019/12/11 3:29 p.m. · 4 views

@jamesbliss/react-flickity (>=1.0.0 <=1.4.0), @jamesbliss/react-spy (=0.0.1) +21 more potentially affected by CVE-2019-10773 via yarn (>=1.0.2 <=1.21.0)

yarn NPM version =1.0.2, =1.0.0, =1.9.9, =1.0.0, =1.0.21, =8.3.8, =0.1.0, =3.0.0, =0.0.1, =0.0.0-semantic-release, =1.5.9, =1.1.2, =1.13.1 and more Source cves: CVE-2019-10773 Source advisory: SNYK:JS-YARN-537806...

7.8 CVSS · 7.1 AI score · 0.01505 EPSS
Exploits 1
vulnersOsv
added 2019/12/11 2:1 a.m. · 2 views

@achil/parcel-bundler (>=1.11.1 <=1.12.34), @acies/core (>=1.2.89 <=1.2.215) +134 more potentially affected by CVE-2019-10769 via safer-eval (>=1.2.3 <=1.3.6)

safer-eval NPM version =1.2.3, =1.11.1, =1.2.89, =0.1.0, =4.0.0, =4.1.0, =4.1.2, =0.9.2-pre.41, =2.0.2, =1.0.0, =1.9.3, =0.3.0, =1.12.3, =1.0.0, =0.0.1, =3.4.4 and more Source cves: CVE-2019-10769 Source advisory: OSV:GHSA-V63X-XC9J-HHVQ...

9.8 CVSS · 7.2 AI score · 0.02574 EPSS
Exploits 1
Symantec
added 2019/12/11 12:0 a.m. · 63 views

npm CLI CVE-2019-16776 Arbitrary File Write Vulnerability

Description: npm CLI is prone to an arbitrary file-write vulnerability. Successful exploits may allow an attacker to gain access or perform unauthorized actions on arbitrary files on the affected system. Versions prior to npm 6.13.3 are vulnerable. Technologies Affected: Oracle GraalVM Enterprise...

5.5 CVSS · 0.8 AI score · 0.03342 EPSS
Exploits 0 · References 1 · Affected Software 2
Positive Technologies
added 2019/12/11 12:0 a.m. · 4 views

PT-2019-1105 · Npm +6 · Npm Cli +6

Name of the Vulnerable Software and Affected Versions: npm CLI versions prior to 6.13.3 Description: The issue exists due to incorrect restriction of the path name to a directory with limited access. Exploitation may allow a remote attacker to write arbitrary files by creating a symbolic link to...

9.8 CVSS · 7.4 AI score · 0.57132 EPSS
Exploits 2 · References 104
Kitploit
added 2019/12/10 11:30 a.m. · 112 views

Genact - A Nonsense Activity Generator

Pretend to be busy or waiting for your computer when you should actually be doing real work! Impress people with your insane multitasking skills. Just open a few instances of genact and watch the show. genact has multiple scenes that pretend to be doing something exciting or useful when in realit...

7.1 AI score
Exploits 0 · References 4
Tenable Nessus
added 2019/12/09 12:0 a.m. · 51 views

Cisco NX-OS Software Privilege Escalation Vulnerability

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in the CLI of Cisco NX-OS Software. This vulnerability could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient...

7.8 CVSS · 7.4 AI score · 0.0031 EPSS
Exploits 0 · References 5