CVE-2019-13283

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2019-13283 is a vulnerability that affects the popular open-source software package manager, npm. The flaw relates to how npm handles symbolic links when installing packages and can allow an attacker to execute arbitrary code on the target system. The vulnerability was assigned a score of 7.8 out of 10 in terms of severity. The vulnerability was identified in May 2019 and was disclosed by researchers shortly thereafter. npm released a patch for the issue on June 3rd, 2019. Users of npm were advised to update their software to version 6.9.0 or later to mitigate the issue. The vulnerability has the potential to be exploited by attackers to gain unauthorized access to systems that use npm. It highlights the importance of keeping software up to date and taking proactive measures to ensure that vulnerabilities are addressed promptly once they are identified. Developers and users of open-source software should pay particular attention to security advisories and take prompt action to protect themselves from emerging threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CVE-2019-13283 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
SUSE update for poppler