Npm · Npm · CVE-2018-7408
**Name of the Vulnerable Software and Affected Versions**
npm version 5.7.0
**Description**
The `correctMkdir` component of the npm package manager incorrectly assigns permissions to a critical resource: the ownership of the `/etc` and `/usr` directories is changed unexpectedly. This might allow local users to bypass intended filesystem access restrictions.
**Recommendations**
For npm version 5.7.0, consider restricting access to critical resources until a patch is available. As a temporary workaround, avoid using the `correctMkdir` component to minimize the risk of exploitation.
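To check a host for the ownership change described above, the following added example (not code from npm or from this advisory) reports whether the installed npm is the listed version and lists `/etc` and `/usr`, plus the entries directly inside them, that are not owned by the expected user. The function names are hypothetical, and uid 0 (root) as the expected owner is an assumption that holds on typical Linux systems.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of npm.

# True (exit 0) when the version string is the one the advisory lists.
npm_is_affected() {
    [ "$1" = "5.7.0" ]
}

# Print the numeric owner uid of one path (ls -d does not descend into it).
owner_uid() {
    ls -ldn -- "$1" 2>/dev/null | awk '{ print $3 }'
}

# audit_owner EXPECTED_UID DIR...
# Prints "uid<TAB>path" for each DIR, and each entry directly inside it
# (dotfiles included), whose owner is not EXPECTED_UID.
# Returns 1 if anything was printed, 0 otherwise.
audit_owner() {
    expected=$1; shift
    rc=0
    for dir in "$@"; do
        for p in "$dir" "$dir"/* "$dir"/.[!.]*; do
            # Skip glob patterns that matched nothing.
            [ -e "$p" ] || [ -L "$p" ] || continue
            uid=$(owner_uid "$p")
            if [ "$uid" != "$expected" ]; then
                printf '%s\t%s\n' "$uid" "$p"
                rc=1
            fi
        done
    done
    return $rc
}

# Run against the live system only when asked: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    v=$(npm --version 2>/dev/null || echo "not installed")
    if npm_is_affected "$v"; then
        echo "npm $v is the affected release"
    else
        echo "npm: $v"
    fi
    # Assumption: uid 0 (root) is the expected owner of /etc and /usr.
    audit_owner 0 /etc /usr && echo "no unexpected owners in /etc or /usr"
fi
```

Any path it prints is a candidate for review against the distribution's package database rather than proof of tampering, since a few system entries may legitimately have a non-root owner.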