lib/npm.js in Node Packaged Modules (npm) prior to 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
node packaged modules project node packaged modules |