CVE-2015-8860: Symlink Arbitrary File Overwrite

January 23, 2017 (updated January 24, 2017)

The tar module allow for archives to contain symbolic links that will overwrite targets outside the expected path for extraction.

References

github.com/npm/npm/releases/tag/v2.7.5

Detect and mitigate CVE-2015-8860 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →