locale/en/blog/vulnerability/december-2019-security-releases.md (1 addition & 1 deletion)
@@ -35,7 +35,7 @@ This behavior is still possible through install scripts. This vulnerability bypa
### Arbitrary File Write
-
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended `node_modules` folder through the `bin` field. A properly constructed entry in the package.json`bin` field would allow a package publisher to modify and/or gain access to arbitrary files on a user’s system when the package is installed. It is only possible to affect files that the user running `npm install` has access to.
+
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended `node_modules` folder through the `bin` field. A properly constructed entry in the `package.json`bin field would allow a package publisher to create files on a user's system when the package is installed. It is only possible to affect files that the user running `npm install` has access to and it is not possible to overwrite files that already exist on disk.
This behavior is still possible through install scripts. This vulnerability bypasses a user using the `--ignore-scripts` install option.
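Review bot: In the added paragraph, the code span has moved from `bin` to `package.json`, so the text now reads "`package.json`bin field" with `bin` unformatted and joined to the closing backtick, while the second sentence of the same paragraph still writes "the `bin` field". Suggest "`package.json` `bin` field" so both the file name and the field name are marked up and separated by a space. The final sentence also runs two independent statements together ("has access to and it is not possible to overwrite"); a comma before "and", or a split into two sentences, would make the new no-overwrite limitation easier to spot. Since the impact statement is narrowed from "modify and/or gain access to arbitrary files" to "create files", it would help to confirm that the section heading and the opening "Arbitrary File Write" wording are still the intended description.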