Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Npm
(Npmjs)Repositories | https://github.com/npm/npm |
#Vulnerabilities | 8 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2016-07-02 | CVE-2016-3956 | The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers. | Sdk, Node\.js, Npm | 7.5 | ||
2018-02-22 | CVE-2018-7408 | An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a "correctMkdir" issue. | Npm | 7.8 |