npm: insecure temporary directory generation
| Package(s): | npm |
CVE #(s): | CVE-2013-4116
|
| Created: | July 23, 2013 |
Updated: | July 24, 2013 |
| Description: |
From the Red Hat bugzilla:
An insecure temporary directory generation / use flaw was found in the way NPM, Node.js Package Manager, used to generate location of the temporary folder to be used for tarballs expansion. A local attacker could use this flaw to conduct symbolic link attacks, possibly leading to their ability to overwrite arbitrary system file reachable with the privileges of the user performing the NPM archive expansion. |
| Alerts: |
|
