Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxZjYtNzV2OC12cjI2
Arbitrary File Write in bin-links
Versions of bin-links prior to 1.1.5 are vulnerable to Arbitrary File Write. The package fails to restrict access to folders outside of the intended node_modules folder through the bin field. This allows attackers to create arbitrary files on the system. Note that it is not possible to overwrite files that already exist.
Upgrade to version 1.1.5 or later.
Permalink: https://github.com/advisories/GHSA-gqf6-75v8-vr26
Source: GitHub Advisory Database
Published: about 3 years ago
Updated: 9 months ago
Fixed in: 1.1.5
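
One way to audit a package.json bin field for the path escape described above, as an added example (not code from bin-links or from the advisory). It assumes links are created under node_modules/.bin and that targets must stay inside the package's own folder; `staysInside` and `auditBin` are hypothetical names and the sample manifests are constructed.

```javascript
// Added example: flag "bin" entries whose link name or target climbs out of
// its base directory. Assumed layout: links live in node_modules/.bin and
// targets are relative to the package folder.

// True only if the relative path never climbs above its base directory.
function staysInside(rel) {
  if (typeof rel !== 'string' || rel === '') return false;
  const p = rel.replace(/\\/g, '/');             // treat Windows separators alike
  if (p.startsWith('/') || /^[A-Za-z]:/.test(p)) return false; // absolute path
  let depth = 0;
  for (const seg of p.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') { if (--depth < 0) return false; } // escaped the base
    else depth++;
  }
  return depth > 0;                              // must name something inside
}

// Returns one finding per offending link name or target in a parsed manifest.
function auditBin(pkg) {
  let bin = pkg.bin;
  if (bin === undefined) return [];
  if (typeof bin === 'string') bin = { [pkg.name]: bin }; // string shorthand
  if (typeof bin !== 'object' || bin === null) {
    return [{ name: null, reason: 'bin is neither a string nor an object' }];
  }
  const findings = [];
  for (const [name, target] of Object.entries(bin)) {
    if (!staysInside(name)) {
      findings.push({ name, reason: 'link name escapes bin directory' });
    }
    if (!staysInside(target)) {
      findings.push({ name, reason: 'target escapes package folder' });
    }
  }
  return findings;
}

// Constructed sample manifests (not taken from any real package).
const GOOD = { name: 'demo-tool', bin: { demo: './cli.js' } };
const BAD = {
  name: 'demo-bad',
  bin: { '../../outside/marker': './cli.js', ok: '../../elsewhere.js' },
};

console.log(auditBin(GOOD)); // no findings
console.log(auditBin(BAD));  // one finding per offending entry
```

A check like this can run over lockfile-resolved manifests in CI to catch such entries even when the installed bin-links version is already 1.1.5 or later.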