Lucene search
Veracode Vulnerability DatabaseVERACODE:13265HistoryJan 25, 2019 - 1:35 a.m.
Arbitrary File Write
2019-01-2501:35:53
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.003 Low
EPSS
Percentile
65.4%
bower is vulnerable to arbitrary file write attacks. The vulnerability exists as it fails to restrict extracting files that are referencing symbolic links, allowing arbitrary files to be written during decompression.
References
github.com/bower/bower/commit/45c6bfa86f6e57731b153baca9e0b41a1cc699e3
hackerone.com/reports/473811
lists.apache.org/thread.html/r8ba4c628fba7181af58817d452119481adce4ba92e889c643e4c7dd3@%3Ccommits.netbeans.apache.org%3E
lists.apache.org/thread.html/rb5ac16fad337d1f3bb7079549f97d8166d0ef3082629417c39f12d63@%3Cnotifications.netbeans.apache.org%3E
Related
github
github
Symlink Arbitrary File Overwrite in bower
2019-09-17 23:21:34
prion
prion
Path traversal
2019-09-13 18:15:00
cvelist
cvelist
CVE-2019-5484
2019-09-13 17:30:23
hackerone
hackerone
osv
osv
CVE-2019-5484
2019-09-13 18:15:11
Symlink Arbitrary File Overwrite in bower
2019-09-17 23:21:34
ibm
ibm
cve
cve
CVE-2019-5484
2019-09-13 18:15:11
nvd
nvd
CVE-2019-5484
2019-09-13 18:15:11
alpinelinux
alpinelinux
CVE-2019-5484
2019-09-13 18:15:11
githubexploit
githubexploit
Exploit for Path Traversal in Bower
2020-12-01 09:18:58