Homepage

org.webjars.npm:pkg@5.8.1 vulnerabilities

  • latest version

    5.8.1

  • first published

    1 years ago

  • latest version published

    1 years ago

  • licenses detected

  • package manager

    View on Maven Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the org.webjars.npm:pkg package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Creation of Temporary File in Directory with Insecure Permissions

    org.webjars.npm:pkg is a command line interface that enables packaging a Node.js project into an executable

    Affected versions of this package are vulnerable to Creation of Temporary File in Directory with Insecure Permissions in /tmp/pkg/, which is the hardcoded location for all included packages. A user with write access to that shared directory can replace packages and have them unknowingly executed by other users.

    Note: pkg is deprecated so no fix is expected for this issue. However, the maintainers "recommend investigating Node.js 21’s support for single executable applications".

    How to fix Creation of Temporary File in Directory with Insecure Permissions?

    There is no fixed version for org.webjars.npm:pkg.

    [0,)
    Go back to all versions of this package