CVE-2013-4116

Name of the Vulnerable Software and Affected Versions Node Packaged Modules (npm) versions prior to 1.3.3

Description The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives. This can potentially result in local privilege escalation.

Recommendations Update to version 1.3.3 or later.