Homepage

bin-links@1.1.5 vulnerabilities

JavaScript package binary linker

  • latest version

    5.0.0

  • latest non vulnerable version

    5.0.0

  • first published

    7 years ago

  • latest version published

    5 months ago

  • licenses detected

  • View bin-links package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the bin-links package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Arbitrary File Overwrite

    bin-links is a .bin/ script linker package.

    Affected versions of this package are vulnerable to Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the first binary. This only affects files in /usr/local/bin.

    For npm, this behaviour is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

    How to fix Arbitrary File Overwrite?

    Upgrade bin-links to version 1.1.6 or higher.

    <1.1.6
    Go back to all versions of this package