Vulnerability	Vulnerable Version
H Arbitrary File Write org.webjars.npm:npm is a package manager for JavaScript. Affected versions of this package are vulnerable to Arbitrary File Write. It fails to prevent access to folders outside of the intended `node_modules` folder through the bin field. For `npm`, a properly constructed entry in the `package.json` bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user’s system when the package is installed. This behaviour is possible through install scripts. This vulnerability bypasses a user using the `--ignore-scripts install` option. How to fix Arbitrary File Write? Upgrade `org.webjars.npm:npm` to version 7.16.0 or higher.	[0,7.16.0)

Arbitrary File Write

org.webjars.npm:npm is a package manager for JavaScript.

Affected versions of this package are vulnerable to Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field.

For npm, a properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user’s system when the package is installed. This behaviour is possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

How to fix Arbitrary File Write?

Upgrade org.webjars.npm:npm to version 7.16.0 or higher.

[0,7.16.0)

Go back to all versions of this package