EPSS: 0.001 (Low)
Percentile: 28.8%
@npmcli/arborist is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to a lack of sanitization of symlinks and of dependencies assigned at the root level.
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2
www.npmjs.com/package/@npmcli/arborist
www.oracle.com/security-alerts/cpuoct2021.html