Lucene search
K

45 matches found

CNVD
CNVD
added 2019/12/13 12:0 a.m.2 views

npm CLI path traversal vulnerability

The npm CLI is a package manager. A path traversal vulnerability exists in npm CLI versions prior to 6.13.3. The vulnerability stems from a failure of a networked system or product to properly filter for special elements in a resource or file path. An attacker could use this vulnerability to acce...

8.1CVSS9.5AI score0.03342EPSS
Exploits0References1
Symantec
Symantec
added 2019/12/11 12:0 a.m.65 views

npm CLI CVE-2019-16776 Arbitrary File Write Vulnerability

Description npm CLI is prone to an arbitrary file-write vulnerability. Successful exploits may allow an attacker to gain access or perform unauthorized actions on arbitrary files on the affected system. Versions prior to npm 6.13.3 are vulnerable. Technologies Affected Oracle GraalVM Enterprise...

5.5CVSS0.8AI score0.03342EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2019/12/11 12:0 a.m.6 views

PT-2019-1105 · Npm +6 · Npm Cli +6

Name of the Vulnerable Software and Affected Versions: npm CLI versions prior to 6.13.3 Description: The issue exists due to incorrect restriction of the path name to a directory with limited access. Exploitation may allow a remote attacker to write arbitrary files by creating a symbolic link to...

9.8CVSS7.4AI score0.57132EPSS
Exploits2References104
Hacker One
Hacker One
added 2018/05/28 4:58 p.m.26 views

Node.js third-party modules: Privilage escalation with malicious .npmrc

Hello. I'm forwarding to you my conversation with npm staff regarding security issue. It allows to escalate to root privilages of victim using either: a basic social engineering - convincing victim to run npm in attacker-controlled folder eg. repository, including such innocent ones like "npm hel...

0.1AI score
Exploits0
Debian CVE
Debian CVE
added 2016/07/02 2:0 p.m.31 views

CVE-2016-3956

The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers...

7.5CVSS7.4AI score0.06748EPSS
Exploits0
Rows per page
Query Builder