bin-links@1.1.5 vulnerabilities

JavaScript package binary linker

Direct Vulnerabilities

Known vulnerabilities in the bin-links package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Arbitrary File Overwrite
Severity: High

bin-links is a .bin/ script linker package.

Affected versions of this package are vulnerable to Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent install of a package that also creates a serve binary would overwrite the first binary. This only affects files in /usr/local/bin.

For npm, the same overwrite remains allowed in local installations and through install scripts; it is also not prevented by the --ignore-scripts install option.

How to fix Arbitrary File Overwrite?

Upgrade bin-links to version 1.1.6 or higher.

Vulnerable versions: <1.1.6