Main Vulnerability Database Vulnerabilities #VU23919

#VU23919 Path traversal in bin-links

Published: January 3, 2020

Vulnerability identifier: #VU23919

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
bin-links

Software vendor:
isaacs

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences, which allows attackers to create arbitrary files in the system outside of the intended node_modules folder through the bin field.

Remediation

Update to version 1.1.5.

External links

https://www.npmjs.com/advisories/1427

#VU23919 Path traversal in bin-links

Description

Remediation

External links

Please verify you're human