5 matches found
npm: Global node_modules Binary Overwrite
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...
npm: Global node_modules Binary Overwrite
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...
npm: Global node_modules Binary Overwrite
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...
npm: Global node_modules Binary Overwrite
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...
CVE-2019-16777
The CVE-2019-16777 entry affects the npm CLI for versions prior to 6.13.4, which are vulnerable to Arbitrary File Overwrite. The issue allows overwriting globally-installed binaries (e.g., a serve binary) during subsequent package installations, including when --ignore-scripts is used. This behav...