Symlink reference outside of node_modules

Overview Versions of bin-links prior to 1.1.5 are vulnerable to a Symlink reference outside of nodemodules. It is possible to create symlinks to files outside of thenodemodules folder through the bin field. This may allow attackers to access unauthorized files. Recommendation Upgrade to version...

Arbitrary File Write

Overview Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to create...

Command Injection

Overview All versions of treekill are vulnerable to Command Injection. The package fails to sanitize values passed to the kill function. If this value is user-controlled it may allow attackers to run arbitrary commands in the server. The issue only affects Windows systems. Recommendation No fix i...

Command Injection

Overview All versions of node-df are vulnerable to Command Injection. The package fails to sanitize filenames passed to the file option. If this value is user-controlled it may allow attackers to run arbitrary commands in the server. Recommendation No fix is currently available. Consider using an...

Arbitrary File Write

Overview Versions of bin-links prior to 1.1.5 are vulnerable to an Arbitrary File Write. The package fails to restrict access to folders outside of the intended nodemodules folder through the bin field. This allows attackers to create arbitrary files in the system. Note it is not possible to...

Cross-Site Scripting

Overview Versions of serialize-javascript prior to 2.1.1 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications. Recommendation Upgrade to version 2.1.1 or later. References - GitHub advisor...

Validation Bypass

Overview Versions of slp-validate prior to 1.0.1 are vulnerable to a validation bypass. Bitcoin scripts may cause the validation result from slp-validate to differ from the specified SLP consensus. This allows an attacker to create a Bitcoin script that causes a hard-fork from the SLP consensus...

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious 󠅮󠅰󠅭Package

Overview All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...