EPSS: 0.001 (Low)
EPSS percentile: 28.8%
@npmcli/arborist is vulnerable to remote code execution. The vulnerability exists due to a symlink dependency, through which an attacker is able to cause arbitrary contents to be written to any location on the filesystem.
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
github.com/advisories/GHSA-2h3h-q99f-3fhc
github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
www.npmjs.com/package/@npmcli/arborist
www.oracle.com/security-alerts/cpuoct2021.html