漏洞标题
npm CLI中的任意文件覆盖
漏洞描述信息
npm CLI中的任意文件覆盖漏洞
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
漏洞类别
N/A
漏洞标题
Arbitrary File Overwrite in npm CLI
漏洞描述信息
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
漏洞类别
对路径名的限制不恰当(路径遍历)
漏洞标题
npm CLI 输入验证错误漏洞
漏洞描述信息
npm CLI是美国npm公司的一款软件包管理器。 npm CLI 6.13.4之前版本中存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。
CVSS信息
N/A
漏洞类别
输入验证错误