0.0004 Low
EPSS
Percentile
5.1%
npm is vulnerable to authorization bypass. During installation, the file access permissions on the local system are bypassed due to a change in ownership of the /etc/ and /usr directories, allowing a malicious file system access.
/etc/
/usr
blog.npmjs.org/post/171169301000/v571
github.com/npm/npm/commit/74e149da6efe6ed89477faa81fef08eee7999ad0
github.com/npm/npm/issues/19883