8 matches found

NVD
added 2021/08/31 5:15 p.m., 16 views

CVE-2021-39135

@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...

CVSS 8.2, EPSS 0.00211
Exploits: 0, References: 4
OSV
added 2021/08/31 5:15 p.m., 24 views

CVE-2021-39134

@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...

CVSS 7.8, AI score 7.5
Exploits: 0, References: 4
OSV
added 2021/08/31 5:15 p.m., 19 views

CVE-2021-39135

@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...

CVSS 7.8, AI score 0.9
Exploits: 0, References: 4
UbuntuCve
added 2021/08/31 5:15 p.m., 39 views

CVE-2021-39134

@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...

CVSS 8.2, AI score 7, EPSS 0.00718
Exploits: 0, References: 3
UbuntuCve
added 2021/08/31 5:15 p.m., 20 views

CVE-2021-39135

@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder...

CVSS 8.2, AI score 6.9, EPSS 0.00211
Exploits: 0, References: 3
CVE
added 2021/08/31 5:10 p.m., 154 views

CVE-2021-39135

CVE-2021-39135 affects the Node.js npm arborist module, which builds dependency trees and writes into node_modules. The issue arises if the root project’s node_modules folder (or a dependency’s) is replaced with a symbolic link, allowing a local attacker to write package dependencies to an arbitr...

CVSS 8.2, AI score 6.7, EPSS 0.00211
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2021/08/31 4:4 p.m., 21 views

GHSA-2H3H-Q99F-3FHC @npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following

Impact: Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution. @npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and t...

CVSS 8.2, AI score 6.5, EPSS 0.00718
Exploits: 0, References: 6
OSV
added 2021/08/31 4:3 p.m., 34 views

GHSA-GMW6-94GG-2RC2 UNIX Symbolic Link (Symlink) Following in @npmcli/arborist

Impact: Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution. @npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and t...

CVSS 8.2, AI score 6.7, EPSS 0.00211
Exploits: 0, References: 6