CVE-2019-16776: Path Traversal

July 7, 2020 (updated January 11, 2021)

npm is vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field.

References

nvd.nist.gov/vuln/detail/CVE-2019-16776

Detect and mitigate CVE-2019-16776 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →