2 matches found
DEBIAN-CVE-2020-15095
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://:@::/". The password value is not redacted and is printed to stdout and also to any generated log files...
npm CLI Arbitrary File Write Vulnerability
The npm CLI is a JavaScript package manager. An arbitrary file write vulnerability exists in npm CLI versions prior to 6.13.3, which can be exploited by an attacker to write arbitrary files...