The npm (Node.js Package Manager) devs say the npm command-line interface (CLI) client is impacted by a security bug -- a combination of a file traversal and an arbitrary file (over)write issue.
The bug can be exploited by attackers to plant malicious binaries or overwrite files on a user's computer. The vulnerability can be exploited only during the installation of a booby-trapped npm package via the npm CLI.
Source (Dec 11, 2019): https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli