Node · Npm · CVE-2013-4116
**Name of the Vulnerable Software and Affected Versions**
Node Packaged Modules (npm) versions prior to 1.3.3
**Description**
The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives. This can potentially result in local privilege escalation.
**Recommendations**
Update to version 1.3.3 or later.