{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T19:38:50.742","vulnerabilities":[{"cve":{"id":"CVE-2019-16777","sourceIdentifier":"security-advisories@github.com","published":"2019-12-13T01:15:11.007","lastModified":"2024-11-21T04:31:10.213","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option."},{"lang":"es","value":"Las versiones de la CLI npm anteriores a 6.13.4 son vulnerables a una Sobrescritura de Archivos Arbitrarios. No puede impedir que los binarios existentes instalados globalmente sean sobrescritos por otras instalaciones de paquete. Por ejemplo, si un paquete fue instalado globalmente y creó un binario de servicio, cualquier instalación posterior de paquetes que también crea un binario de servicio sobrescribirá el binario de servicio anterior. Este comportamiento todavía es permitido en instalaciones locales y también por medio de scripts de instalación. Esta vulnerabilidad omite a un usuario que usa la opción de instalación --ignore-scripts."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:*","versionEndExcluding":"6.13.4","matchCriteriaId":"A90A3634-8A7A-4F77-B15E-CED8B01204CC"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","matchCriteriaId":"B620311B-34A3-48A6-82DF-6F078D7A4493"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:graalvm:19.3.0.2:*:*:*:enterprise:*:*:*","matchCriteriaId":"6B257954-6EF3-4CBF-A8A7-699F70F98153"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","matchCriteriaId":"80F0FA5D-8D3B-4C0E-81E2-87998286AF33"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*","matchCriteriaId":"92BC9265-6959-4D37-BE5E-8C45E98992F8"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHEA-2020:0330","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0573","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0579","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0597","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0602","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/","source":"security-advisories@github.com"},{"url":"https://security.gentoo.org/glsa/202003-48","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2020.html","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHEA-2020:0330","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0573","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0579","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0597","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2020:0602","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202003-48","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}