Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:30 a.m.7 views

CVE-2019-5484

Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted...

7.5CVSS6.8AI score0.02566EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 9:52 p.m.12 views

Security Bulletin: Vulnerability in Node.js affects IBM Process Mining (CVE-2019-5484)

Summary There is a vulnerability in Node.js that could allow a local attacker to launch a symlink attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2019-5484 DESCRIPTION: Node.js bower...

7.5CVSS7.3AI score0.02566EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2019/09/17 11:21 p.m.7 views

6pm (=0.1.0), @absolunet/nwayo-cli (>=1.0.0 <=3.6.1) +1376 more potentially affected by CVE-2019-5484 via bower (>=0.10.0 <=1.8.4)

bower NPM version =0.10.0, =1.0.0, =3.3.0, =0.1.20, =0.16.9, =0.0.4, =0.102.0, =2.0.0-beta.1, =0.0.1, =1.0.4, =1.0.2, =0.1.16, =1.0.0-alpha.0, =1.0.0-alpha.0, =1.0.0, =1.2.3 and more Source cves: CVE-2019-5484 Source advisory: OSV:GHSA-P6MR-PXG4-68HX...

7.5CVSS7.1AI score0.02566EPSS
Exploits1
CVE
CVE
added 2019/09/13 5:30 p.m.280 views

CVE-2019-5484

CVE-2019-5484 – Bower path traversal . Affects Bower up to version 1.8.7; older releases permit writing files to arbitrary locations during extraction of a malicious package via the install command. Root cause is improper validation of extracted paths, enabling directory traversal and arbitrary f...

7.5CVSS7.3AI score0.02566EPSS
Exploits1References5Affected Software1
vulnersOsv
vulnersOsv
added 2019/01/24 11:37 a.m.7 views

6pm (=0.1.0), @absolunet/nwayo-cli (>=1.0.0 <=3.6.1) +1330 more potentially affected by CVE-2019-5484 via bower (>=1.1.2 <=1.8.4)

bower NPM version =1.1.2, =1.0.0, =3.3.0, =0.1.20, =0.16.9, =0.0.4, =0.102.0, =2.0.0-beta.1, =0.0.1, =1.0.4, =1.0.2, =0.1.16, =1.0.0-alpha.0, =1.0.0-alpha.0, =1.0.0, =1.2.3 and more Source cves: CVE-2019-5484 Source advisory: SNYK:JS-BOWER-73627...

7.5CVSS7.1AI score0.02566EPSS
Exploits1
Rows per page
Query Builder