Lucene search
+L

4 matches found

RedHat Linux
RedHat Linux
added 2023/09/26 2:56 p.m.7 views

nodejs: mainModule.proto bypass experimental policy mechanism

A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition...

7.5CVSS7.1AI score0.0105EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/02/25 8:39 a.m.8 views

npm: Symlink reference outside of node_modules folder through the bin field upon installation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

7.7CVSS7.5AI score0.03266EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/02/24 12:55 p.m.14 views

npm: Symlink reference outside of node_modules folder through the bin field upon installation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

7.7CVSS7.5AI score0.03266EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/02/04 1:22 p.m.2 views

npm: Symlink reference outside of node_modules folder through the bin field upon installation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

7.7CVSS7.5AI score0.03266EPSS
Exploits0References4
Rows per page
Query Builder