PT-2014-2739 · Node · Npm

Daniel Kahn Gillmor

Published

2014-04-22

Updated

2020-10-14

CVE-2013-4116

CVSS v2.0

3.3

Low

Vector

AV:L/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Node Packaged Modules (npm) versions prior to 1.3.3

Description The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives. This can potentially result in local privilege escalation.

Recommendations Update to version 1.3.3 or later.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2013-4116

GHSA-V3JV-WRF4-5845

Affected Products

Npm

PT-2014-2739 · Node · Npm

CVE-2013-4116

Weakness Enumeration

Related Identifiers

Affected Products

References · 19