mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-12 22:53:11 +00:00
901 B
901 B
CVE-2019-5484
&color=brightgreen)
Description
Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted.
POC
Reference
- https://hackerone.com/reports/473811
- https://hackerone.com/reports/492512
- https://snyk.io/blog/severe-security-vulnerability-in-bowers-zip-archive-extraction