Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzanYtd3JmNC01ODQ1
Local Privilege Escalation in npm
Affected versions of npm use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the npm process has permission to write to, potentially resulting in local privilege escalation.
Recommendation
Update to version 1.3.3 or later.
Permalink: https://github.com/advisories/GHSA-v3jv-wrf4-5845JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzanYtd3JmNC01ODQ1
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 3 years ago
Updated: over 1 year ago
Identifiers: GHSA-v3jv-wrf4-5845, CVE-2013-4116
References:
- https://github.com/npm/npm/issues/3635
- https://www.npmjs.com/advisories/152
- http://www.openwall.com/lists/oss-security/2013/07/10/17
- https://nvd.nist.gov/vuln/detail/CVE-2013-4116
- https://github.com/npm/npm/commit/f4d31693
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715325
- https://bugzilla.redhat.com/show_bug.cgi?id=983917
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87141
- http://www.openwall.com/lists/oss-security/2013/07/11/9
- http://www.securityfocus.com/bid/61083
- https://github.com/advisories/GHSA-v3jv-wrf4-5845
Blast Radius: 0.0
Affected Packages
npm:npm
Dependent packages: 9,618Dependent repositories: 139,345
Downloads: 22,816,715 last month
Affected Version Ranges: < 1.3.3
Fixed in: 1.3.3
All affected versions: 1.1.25, 1.1.70, 1.1.71, 1.2.19, 1.2.20, 1.2.21, 1.2.22, 1.2.23, 1.2.24, 1.2.25, 1.2.27, 1.2.28, 1.2.30, 1.2.31, 1.2.32, 1.2.8000, 1.3.0, 1.3.1, 1.3.2
All unaffected versions: 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.3.9, 1.3.10, 1.3.11, 1.3.12, 1.3.13, 1.3.14, 1.3.15, 1.3.16, 1.3.17, 1.3.18, 1.3.20, 1.3.21, 1.3.22, 1.3.23, 1.3.24, 1.3.25, 1.3.26, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.10, 1.4.11, 1.4.12, 1.4.13, 1.4.14, 1.4.15, 1.4.16, 1.4.17, 1.4.18, 1.4.19, 1.4.20, 1.4.21, 1.4.22, 1.4.23, 1.4.24, 1.4.25, 1.4.26, 1.4.27, 1.4.28, 1.4.29, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.2.0, 2.3.0, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.9.0, 2.9.1, 2.10.0, 2.10.1, 2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.12.0, 2.12.1, 2.13.0, 2.13.1, 2.13.2, 2.13.3, 2.13.4, 2.13.5, 2.14.0, 2.14.1, 2.14.2, 2.14.3, 2.14.4, 2.14.5, 2.14.6, 2.14.7, 2.14.8, 2.14.9, 2.14.10, 2.14.11, 2.14.12, 2.14.13, 2.14.14, 2.14.15, 2.14.16, 2.14.17, 2.14.18, 2.14.19, 2.14.20, 2.14.21, 2.14.22, 2.15.0, 2.15.1, 2.15.2, 2.15.3, 2.15.4, 2.15.5, 2.15.6, 2.15.7, 2.15.8, 2.15.9, 2.15.10, 2.15.11, 2.15.12, 3.0.0, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1, 3.2.2, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.8, 3.3.9, 3.3.10, 3.3.11, 3.3.12, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.6.0, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.7.5, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 3.8.8, 3.8.9, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.10.0, 3.10.1, 3.10.2, 3.10.3, 3.10.4, 3.10.5, 3.10.6, 3.10.7, 3.10.8, 3.10.9, 3.10.10, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.5, 4.1.0, 4.1.1, 4.1.2, 4.2.0, 4.3.0, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.0, 4.6.0, 4.6.1, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.1.0, 5.2.0, 5.3.0, 5.4.0, 5.4.1, 5.4.2, 5.5.0, 5.5.1, 5.6.0, 5.7.0, 5.7.1, 5.8.0, 5.10.0, 6.0.0, 6.0.1, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 6.4.1, 6.5.0, 6.6.0, 6.7.0, 6.8.0, 6.9.0, 6.9.2, 6.10.0, 6.10.1, 6.10.2, 6.10.3, 6.11.0, 6.11.1, 6.11.2, 6.11.3, 6.12.0, 6.12.1, 6.13.0, 6.13.1, 6.13.2, 6.13.3, 6.13.4, 6.13.5, 6.13.6, 6.13.7, 6.14.0, 6.14.1, 6.14.2, 6.14.3, 6.14.4, 6.14.5, 6.14.6, 6.14.7, 6.14.8, 6.14.9, 6.14.10, 6.14.11, 6.14.12, 6.14.13, 6.14.14, 6.14.15, 6.14.16, 6.14.17, 6.14.18, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.1.0, 7.1.1, 7.1.2, 7.2.0, 7.3.0, 7.4.0, 7.4.1, 7.4.2, 7.4.3, 7.5.0, 7.5.1, 7.5.2, 7.5.3, 7.5.4, 7.5.5, 7.5.6, 7.6.0, 7.6.1, 7.6.2, 7.6.3, 7.7.0, 7.7.1, 7.7.2, 7.7.3, 7.7.4, 7.7.5, 7.7.6, 7.8.0, 7.9.0, 7.10.0, 7.11.0, 7.11.1, 7.11.2, 7.12.0, 7.12.1, 7.13.0, 7.14.0, 7.15.0, 7.15.1, 7.16.0, 7.17.0, 7.18.0, 7.18.1, 7.19.0, 7.19.1, 7.20.0, 7.20.1, 7.20.2, 7.20.3, 7.20.4, 7.20.5, 7.20.6, 7.21.0, 7.21.1, 7.22.0, 7.23.0, 7.24.0, 7.24.1, 7.24.2, 8.0.0, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.2.0, 8.3.0, 8.3.1, 8.3.2, 8.4.0, 8.4.1, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.5.5, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.12.1, 8.12.2, 8.13.0, 8.13.1, 8.13.2, 8.14.0, 8.15.0, 8.15.1, 8.16.0, 8.17.0, 8.18.0, 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 9.0.0, 9.0.1, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.2.0, 9.3.0, 9.3.1, 9.4.0, 9.4.1, 9.4.2, 9.5.0, 9.5.1, 9.6.0, 9.6.1, 9.6.2, 9.6.3, 9.6.4, 9.6.5, 9.6.6, 9.6.7, 9.7.0, 9.7.1, 9.7.2, 9.8.0, 9.8.1, 9.9.0, 9.9.1, 9.9.2, 9.9.3, 10.0.0, 10.1.0, 10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.5, 10.3.0, 10.4.0, 10.5.0, 10.5.1, 10.5.2