Overview
npm is a package manager for JavaScript.
Affected versions of this package are vulnerable to Access Restriction Bypass. It might allow local users to bypass intended filesystem access restrictions because the ownership of the /etc and /usr directories is changed unexpectedly, related to a "correctMkdir" issue.
Remediation
Upgrade npm to version 5.7.1 or higher.
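A local check for the condition described above, as an added example (not Snyk's or npm's own code): it reports whether /etc and /usr are still owned by uid 0 and whether the installed npm is older than the fixed version. The function names and the expectation that both directories belong to uid 0 are assumptions of this example.

```sh
#!/bin/sh
# Added example: local check for the condition this advisory describes.
FIXED_VERSION="5.7.1"   # from the Remediation section of this page
EXPECTED_UID=0          # assumption: /etc and /usr belong to root (uid 0)

# version_lt A B: succeed when version A is strictly older than B.
# Pre-release/build suffixes (-next.0, +meta) are ignored.
version_lt() {
    a="${1%%[-+]*}.0.0"
    b="${2%%[-+]*}.0.0"
    for i in 1 2 3; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i")
        y=$(printf '%s\n' "$b" | cut -d. -f"$i")
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# check_owner DIR UID: succeed when DIR is owned by numeric UID.
check_owner() {
    actual=$(ls -ldn "$1" | awk '{print $3}')
    [ "$actual" = "$2" ]
}

# audit: print findings; return 1 if anything needs attention.
audit() {
    status=0
    for d in /etc /usr; do
        if check_owner "$d" "$EXPECTED_UID"; then
            echo "ok: $d is owned by uid $EXPECTED_UID"
        else
            echo "FINDING: $d is not owned by uid $EXPECTED_UID"
            status=1
        fi
    done
    if command -v npm >/dev/null 2>&1; then
        v=$(npm --version)
        if version_lt "$v" "$FIXED_VERSION"; then
            echo "FINDING: npm $v is older than $FIXED_VERSION, upgrade it"
            status=1
        else
            echo "ok: npm $v"
        fi
    fi
    return "$status"
}

# Run the check only when asked, e.g. `sh check.sh --audit`.
case "${1:-}" in --audit) audit ;; esac
```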
CVSS Score
5.3 (medium severity)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: Low
- Availability: None
- Credit: Unknown
- CVE: CVE-2018-7408
- CWE: CWE-284
- Snyk ID: npm:npm:20180222
- Disclosed: 22 Feb, 2018
- Published: 21 Mar, 2018