mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
871 B
871 B
CVE-2019-5484
&color=brighgreen)
Description
Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted.
POC
Reference
- https://hackerone.com/reports/473811
- https://hackerone.com/reports/492512
- https://snyk.io/blog/severe-security-vulnerability-in-bowers-zip-archive-extraction