{"id":"CVE-2013-4116","details":"lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.","aliases":["GHSA-v3jv-wrf4-5845"],"modified":"2026-04-10T03:42:54.453534Z","published":"2014-04-22T14:23:34Z","related":["CGA-jv7c-gh6x-xcqh"],"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2013/07/10/17"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2013/07/11/9"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/61083"},{"type":"ADVISORY","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715325"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=983917"},{"type":"ADVISORY","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/87141"},{"type":"ADVISORY","url":"https://github.com/npm/npm/commit/f4d31693"},{"type":"ADVISORY","url":"https://github.com/npm/npm/issues/3635"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2013/07/10/17"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2013/07/11/9"},{"type":"FIX","url":"https://github.com/npm/npm/commit/f4d31693"},{"type":"REPORT","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715325"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=983917"}],"schema_version":"1.7.5"}