14 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-39134
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - @npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarante...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Node.js (CVE-2021-39134)
Summary Security Vulnerabilities affect IBM Cloud Private - Node.js Vulnerability Details CVEID: CVE-2021-39134 DESCRIPTION: Node.js @npmcli/arborist module could allow a local attacker to launch a symlink attack, caused by the failure of multiple dependencies to coexist within the same level in...
openSUSE: Security Advisory for nodejs14 (openSUSE-SU-2021:1552-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Mageia: Security Advisory (MGASA-2021-0463)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:0101-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for nodejs14 (openSUSE-SU-2021:3964-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for nodejs12 (openSUSE-SU-2021:3940-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for nodejs12 (important)
openSUSE Security Update: Security update for nodejs12 Announcement ID: openSUSE-SU-2021:3940-1 Rating: important References: 1190053 1190054 1190055 1190056 1190057 1191601 1191602 Cross-References: CVE-2021-22959 CVE-2021-22960 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134...
Security Bulletin: IBM App Connect Enterprise Certified Container Integration Servers may be vulnerable to a symlink attack due to CVE-2021-39134
Summary IBM App Connect Enterprise Certified Container Integration Server images may be vulnerable to a symlink attack that could alter the files on disk due to vulnerabilities in the Node module npm. The npm module is not used at runtime by IBM App Connect Enterprise itself, but anyone using the...
Security fix for the ALT Linux 10 package node version 14.17.6-alt1
Sept. 1, 2021 Vitaly Lipatov 14.17.6-alt1 - new version 14.17.6 with rpmrb script - set npm = 6.14.15 - set openssl = 1.1.1l - CVE-2021-32803, CVE-2021-32804, CVE-2021-37701, CVE-2021-37712, CVE-2021-37713, CVE-2021-39134, CVE-2021-39135...
CVE-2021-39134
@npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...
CVE-2021-39134
CVE-2021-39134 affects Node.js @npmcli/arborist. On case-insensitive file systems, Arborist could allow a local attacker to write arbitrary contents to arbitrary filesystem locations via a symlink dependency crafted across conflicting case names (e.g., pwn-a with foo:"file:/some/path" and pwn-b w...
UNIX Symbolic Link (Symlink) Following
Overview Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution @npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be...
433bf (=0.0.1), @achinet/nestjs-async (=0.0.1) +147 more potentially affected by CVE-2021-39134 via @npmcli/arborist (>=0.0.0-pre.10 <=2.10.0)
@npmcli/arborist NPM version =0.0.0-pre.10, =1.2.0, =8.1.0, =1.1.0-next.4, =0.2.7, =0.13.0, =0.0.1, =0.0.1, =0.0.29, =1.1.0-rc.283, =1.1.0-rc.282, =1.1.0-rc.292 and more Source cves: CVE-2021-39134 Source advisory: OSV:GHSA-2H3H-Q99F-3FHC...