2019-09-13 20:15:11 2019-09-16 15:56:27

Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE
Bower Bower - ~~~node.js~~ (not an official CPE) Bower Bower 0.1.1 ~~~node.js~~ (not an official CPE) Bower Bower 0.1.2 ~~~node.js~~ (not an official CPE) Bower Bower 0.2.0 ~~~node.js~~ (not an official CPE) Bower Bower 0.3.0 ~~~node.js~~ (not an official CPE) Bower Bower 0.3.1 ~~~node.js~~ (not an official CPE) Bower Bower 0.3.2 ~~~node.js~~ (not an official CPE) Bower Bower 0.4.0 ~~~node.js~~ (not an official CPE) Bower Bower 0.5.0 ~~~node.js~~ (not an official CPE) Bower Bower 0.5.1 ~~~node.js~~ (not an official CPE) Bower Bower 0.6.0 ~~~node.js~~ (not an official CPE) Bower Bower 0.6.1 ~~~node.js~~ (not an official CPE) Bower Bower 0.6.2 ~~~node.js~~ (not an official CPE) Bower Bower 0.6.3 ~~~node.js~~ (not an official CPE) Bower Bower 0.6.4 ~~~node.js~~ (not an official CPE) Bower Bower 0.6.5 ~~~node.js~~ (not an official CPE) Bower Bower 0.6.6 ~~~node.js~~ (not an official CPE) Bower Bower 0.6.7 ~~~node.js~~ (not an official CPE) Bower Bower 0.6.8 ~~~node.js~~ (not an official CPE) Bower Bower 0.7.0 ~~~node.js~~ (not an official CPE) Bower Bower 0.8.0 ~~~node.js~~ (not an official CPE) Bower Bower 0.8.1 ~~~node.js~~ (not an official CPE) Bower Bower 0.8.2 ~~~node.js~~ (not an official CPE) Bower Bower 0.8.3 ~~~node.js~~ (not an official CPE) Bower Bower 0.8.4 ~~~node.js~~ (not an official CPE) Bower Bower 0.8.5 ~~~node.js~~ (not an official CPE) Bower Bower 0.9.0 ~~~node.js~~ (not an official CPE) Bower Bower 0.9.1 ~~~node.js~~ (not an official CPE) Bower Bower 0.9.2 ~~~node.js~~ (not an official CPE) Bower Bower 0.10.0 ~~~node.js~~ (not an official CPE) Bower Bower 1.0.0 - ~~~node.js~~ (not an official CPE) Bower Bower 1.0.0 Alpha1 ~~~node.js~~ (not an official CPE) Bower Bower 1.0.0 Alpha2 ~~~node.js~~ (not an official CPE) Bower Bower 1.0.0 Alpha3 ~~~node.js~~ (not an official CPE) Bower Bower 1.0.0 Alpha4 ~~~node.js~~ (not an official CPE) Bower Bower 1.0.0 Alpha5 ~~~node.js~~ (not an official CPE) Bower Bower 1.0.0 Alpha6 ~~~node.js~~ (not an official CPE) Bower Bower 1.0.0 Alpha7 ~~~node.js~~ (not an official CPE) Bower Bower 1.0.0 Rc1 ~~~node.js~~ (not an official CPE) Bower Bower 1.0.0 Rc2 ~~~node.js~~ (not an official CPE) Bower Bower 1.0.0 Rc3 ~~~node.js~~ (not an official CPE) Bower Bower 1.0.0 Rc4 ~~~node.js~~ (not an official CPE) Bower Bower 1.0.1 ~~~node.js~~ (not an official CPE) Bower Bower 1.0.2 ~~~node.js~~ (not an official CPE) Bower Bower 1.0.3 ~~~node.js~~ (not an official CPE) Bower Bower 1.1.0 ~~~node.js~~ (not an official CPE) Bower Bower 1.1.1 ~~~node.js~~ (not an official CPE) Bower Bower 1.1.2 ~~~node.js~~ (not an official CPE) Bower Bower 1.2.0 ~~~node.js~~ (not an official CPE) Bower Bower 1.2.1 ~~~node.js~~ (not an official CPE) Bower Bower 1.2.2 ~~~node.js~~ (not an official CPE) Bower Bower 1.2.3 ~~~node.js~~ (not an official CPE) Bower Bower 1.2.4 ~~~node.js~~ (not an official CPE) Bower Bower 1.2.5 ~~~node.js~~ (not an official CPE) Bower Bower 1.2.6 ~~~node.js~~ (not an official CPE) Bower Bower 1.2.7 ~~~node.js~~ (not an official CPE) Bower Bower 1.2.8 ~~~node.js~~ (not an official CPE) Bower Bower 1.3.0 ~~~node.js~~ (not an official CPE) Bower Bower 1.3.1 ~~~node.js~~ (not an official CPE) Bower Bower 1.3.2 ~~~node.js~~ (not an official CPE) Bower Bower 1.3.3 ~~~node.js~~ (not an official CPE) Bower Bower 1.3.4 ~~~node.js~~ (not an official CPE) Bower Bower 1.3.5 ~~~node.js~~ (not an official CPE) Bower Bower 1.3.6 ~~~node.js~~ (not an official CPE) Bower Bower 1.3.7 ~~~node.js~~ (not an official CPE) Bower Bower 1.3.8 ~~~node.js~~ (not an official CPE) Bower Bower 1.3.9 ~~~node.js~~ (not an official CPE) Bower Bower 1.3.10 ~~~node.js~~ (not an official CPE) Bower Bower 1.3.11 ~~~node.js~~ (not an official CPE) Bower Bower 1.3.12 ~~~node.js~~ (not an official CPE) Bower Bower 1.4.0 ~~~node.js~~ (not an official CPE) Bower Bower 1.4.1 ~~~node.js~~ (not an official CPE) Bower Bower 1.4.2 ~~~node.js~~ (not an official CPE) Bower Bower 1.5.0 ~~~node.js~~ (not an official CPE) Bower Bower 1.5.1 ~~~node.js~~ (not an official CPE) Bower Bower 1.5.2 ~~~node.js~~ (not an official CPE) Bower Bower 1.5.3 ~~~node.js~~ (not an official CPE) Bower Bower 1.5.4 ~~~node.js~~ (not an official CPE) Bower Bower 1.6.0 ~~~node.js~~ (not an official CPE) Bower Bower 1.6.1 ~~~node.js~~ (not an official CPE) Bower Bower 1.6.2 ~~~node.js~~ (not an official CPE) Bower Bower 1.6.3 ~~~node.js~~ (not an official CPE) Bower Bower 1.6.4 ~~~node.js~~ (not an official CPE) Bower Bower 1.6.5 ~~~node.js~~ (not an official CPE) Bower Bower 1.6.6 ~~~node.js~~ (not an official CPE) Bower Bower 1.6.7 ~~~node.js~~ (not an official CPE) Bower Bower 1.6.8 ~~~node.js~~ (not an official CPE) Bower Bower 1.6.9 ~~~node.js~~ (not an official CPE) Bower Bower 1.7.0 ~~~node.js~~ (not an official CPE) Bower Bower 1.7.1 ~~~node.js~~ (not an official CPE) Bower Bower 1.7.2 ~~~node.js~~ (not an official CPE) Bower Bower 1.7.3 ~~~node.js~~ (not an official CPE) Bower Bower 1.7.5 ~~~node.js~~ (not an official CPE) Bower Bower 1.7.6 ~~~node.js~~ (not an official CPE) Bower Bower 1.7.7 ~~~node.js~~ (not an official CPE) Bower Bower 1.7.8 ~~~node.js~~ (not an official CPE) Bower Bower 1.7.9 ~~~node.js~~ (not an official CPE) Bower Bower 1.8.0 ~~~node.js~~ (not an official CPE) Bower Bower 1.8.2 ~~~node.js~~ (not an official CPE) Bower Bower 1.8.3 ~~~node.js~~ (not an official CPE) Bower Bower 1.8.4 ~~~node.js~~ (not an official CPE) Bower Bower 1.8.5 ~~~node.js~~ (not an official CPE) Bower Bower 1.8.6 ~~~node.js~~ (not an official CPE) Bower Bower 1.8.7 ~~~node.js~~ (not an official CPE)