Severity: low

    Symlink reference outside of node_modules

    bin-links

    Overview

    Versions of bin-links prior to 1.1.5 are vulnerable to a Symlink reference outside of node_modules. It is possible to create symlinks to files outside of thenode_modules folder through the bin field. This may allow attackers to access unauthorized files.

    Remediation

    Upgrade to version 1.1.5 or later.

    Have content suggestions? Visit npmjs.com/support.

    Advisory timeline

    1. published

      Advisory Published
      Dec 12th, 2019
    2. reported

      Reported by Daniel Ruf
      Dec 11th, 2019