45 matches found
npm CLI path traversal vulnerability
The npm CLI is a package manager. A path traversal vulnerability exists in npm CLI versions prior to 6.13.3. The vulnerability stems from a failure of a networked system or product to properly filter for special elements in a resource or file path. An attacker could use this vulnerability to acce...
npm CLI CVE-2019-16776 Arbitrary File Write Vulnerability
Description npm CLI is prone to an arbitrary file-write vulnerability. Successful exploits may allow an attacker to gain access or perform unauthorized actions on arbitrary files on the affected system. Versions prior to npm 6.13.3 are vulnerable. Technologies Affected Oracle GraalVM Enterprise...
PT-2019-1105 · Npm +6 · Npm Cli +6
Name of the Vulnerable Software and Affected Versions: npm CLI versions prior to 6.13.3 Description: The issue exists due to incorrect restriction of the path name to a directory with limited access. Exploitation may allow a remote attacker to write arbitrary files by creating a symbolic link to...
Node.js third-party modules: Privilage escalation with malicious .npmrc
Hello. I'm forwarding to you my conversation with npm staff regarding security issue. It allows to escalate to root privilages of victim using either: a basic social engineering - convincing victim to run npm in attacker-controlled folder eg. repository, including such innocent ones like "npm hel...
CVE-2016-3956
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers...