RSS   Vulnerabilities for 'Node packaged modules'   RSS

2014-04-22
 
CVE-2013-4116

CWE-59
 

 
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

 

 >>> Vendor: Npmjs 5 Products
Node packaged modules
Marked
NPM
Npm-user-validate
Hosted-git-info


Copyright 2024, cxsecurity.com

 

Back to Top