CVE-2019-5484

Name of the Vulnerable Software and Affected Versions bower versions prior to 1.8.8

Description The issue allows for a path traversal vulnerability, enabling file write in arbitrary locations via the install command. This occurs because bower does not verify that extracted symbolic links do not resolve to targets outside of the extraction root directory, permitting attackers to write arbitrary files when a malicious package is extracted.

Recommendations Update to version 1.8.8 or later.