CVE-2013-4116

Published April 22nd, 2014

View on NVD ↗

CVSS v3

N/A

CVSS v2

3.3

LOW

Affected

PROJECT

Description

lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

npm/npm

This repository is moving to: https://github.com/npm/cli

GitHub

17.6K