NodeJS/bower/1.7.9


The browser package manager

https://www.npmjs.com/package/bower
MIT

3 Security Vulnerabilities

Symlink Arbitrary File Overwrite in bower

Published date: 2019-09-17T23:21:34Z
CVE: CVE-2019-5484

Versions of bower prior to 1.8.8 are affected by an arbitrary file write vulnerability. The vulnerability occurs because bower does not verify that symbolic links extracted from an archive resolve to targets inside the extraction root directory.

Recommendation

Update to version 1.8.8 or later

Affected versions: ["0.1.0", "0.1.2", "0.1.3", "0.2.0", "0.3.0", "0.3.1", "0.3.2", "0.4.0", "0.5.0", "0.5.1", "0.6.0", "0.6.1", "0.6.2", "0.6.3", "0.6.4", "0.6.5", "0.6.6", "0.6.7", "0.6.8", "0.7.0", "0.7.1", "0.8.0", "0.8.1", "0.8.2", "0.8.3", "0.8.4", "0.8.5", "0.8.6", "0.9.0", "0.9.1", "0.9.2", "0.10.0", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.7", "1.2.8", "1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4", "1.3.5", "1.3.6", "1.3.7", "1.3.8", "1.3.9", "1.3.10", "1.3.11", "1.3.12", "1.4.0", "1.4.1", "1.5.0", "1.5.1", "1.5.2", "1.5.3", "1.6.2", "1.6.3", "1.6.4", "1.6.5", "1.5.4", "1.4.2", "1.6.6", "1.6.7", "1.6.8", "1.6.9", "1.7.0", "1.7.1", "1.7.2", "1.7.5", "1.7.6", "1.7.7", "1.7.8", "1.7.9", "1.8.0", "1.8.2", "1.7.10", "1.8.3", "1.8.4", "1.8.6", "1.8.7"]
Secure versions: [1.8.8, 1.8.9, 1.8.10, 1.8.11, 1.8.12, 1.8.13, 1.8.14]
Recommendation: Update to version 1.8.14.

Arbitrary File Write Through Archive Extraction

Published date: 2019-01-24

Attackers can write arbitrary files when a malicious archive is extracted.

Affected versions: ["0.1.0", "0.1.2", "0.1.3", "0.2.0", "0.3.0", "0.3.1", "0.3.2", "0.4.0", "0.5.0", "0.5.1", "0.6.0", "0.6.1", "0.6.2", "0.6.3", "0.6.4", "0.6.5", "0.6.6", "0.6.7", "0.6.8", "0.7.0", "0.7.1", "0.8.0", "0.8.1", "0.8.2", "0.8.3", "0.8.4", "0.8.5", "0.8.6", "0.9.0", "0.9.1", "0.9.2", "0.10.0", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.7", "1.2.8", "1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4", "1.3.5", "1.3.6", "1.3.7", "1.3.8", "1.3.9", "1.3.10", "1.3.11", "1.3.12", "1.4.0", "1.4.1", "1.5.0", "1.5.1", "1.5.2", "1.5.3", "1.6.2", "1.6.3", "1.6.4", "1.6.5", "1.5.4", "1.4.2", "1.6.6", "1.6.7", "1.6.8", "1.6.9", "1.7.0", "1.7.1", "1.7.2", "1.7.5", "1.7.6", "1.7.7", "1.7.8", "1.7.9", "1.8.0", "1.8.2", "1.7.10", "1.8.3", "1.8.4", "1.8.6"]
Secure versions: [1.8.8, 1.8.9, 1.8.10, 1.8.11, 1.8.12, 1.8.13, 1.8.14]
Recommendation: Update bower to latest patch version >=1.8.7

Path Traversal

Published date: 2019-01-26
CVEs: ["CVE-2019-5484"]
CVSS Score: 8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

[bower] Arbitrary File Write through improper validation of symlinks while package extraction

Affected versions: ["0.1.0", "0.1.2", "0.1.3", "0.2.0", "0.3.0", "0.3.1", "0.3.2", "0.4.0", "0.5.0", "0.5.1", "0.6.0", "0.6.1", "0.6.2", "0.6.3", "0.6.4", "0.6.5", "0.6.6", "0.6.7", "0.6.8", "0.7.0", "0.7.1", "0.8.0", "0.8.1", "0.8.2", "0.8.3", "0.8.4", "0.8.5", "0.8.6", "0.9.0", "0.9.1", "0.9.2", "0.10.0", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.7", "1.2.8", "1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4", "1.3.5", "1.3.6", "1.3.7", "1.3.8", "1.3.9", "1.3.10", "1.3.11", "1.3.12", "1.4.0", "1.4.1", "1.5.0", "1.5.1", "1.5.2", "1.5.3", "1.6.2", "1.6.3", "1.6.4", "1.6.5", "1.5.4", "1.4.2", "1.6.6", "1.6.7", "1.6.8", "1.6.9", "1.7.0", "1.7.1", "1.7.2", "1.7.5", "1.7.6", "1.7.7", "1.7.8", "1.7.9", "1.8.0", "1.8.2", "1.7.10", "1.8.3", "1.8.4", "1.8.6", "1.8.7"]
Secure versions: [1.8.8, 1.8.9, 1.8.10, 1.8.11, 1.8.12, 1.8.13, 1.8.14]
Recommendation: Update bower module to version >=1.8.8

99 Other Versions

Version License Security Released
1.8.14 MIT 2022-03-14 - 15:41 about 2 years
1.8.13 MIT 2021-11-15 - 15:10 over 2 years
1.8.12 MIT 2021-01-18 - 15:45 about 3 years
1.8.11 MIT 2021-01-18 - 11:02 about 3 years
1.8.10 MIT 2021-01-14 - 17:46 about 3 years
1.8.9 MIT 2021-01-14 - 16:26 about 3 years
1.8.8 MIT 2019-01-23 - 21:25 about 5 years
1.8.7 MIT 2 2019-01-17 - 22:39 about 5 years
1.8.6 MIT 3 2019-01-17 - 13:38 about 5 years
1.8.4 MIT 3 2018-03-28 - 19:04 about 6 years
1.8.3 MIT 3 2018-03-28 - 18:10 about 6 years
1.8.2 MIT 3 2017-09-13 - 16:46 over 6 years
1.8.0 MIT 3 2016-11-07 - 10:01 over 7 years
1.7.10 MIT 3 2017-09-13 - 17:41 over 6 years
1.7.9 MIT 3 2016-04-05 - 11:54 almost 8 years
1.7.8 MIT 3 2016-04-04 - 17:14 almost 8 years
1.7.7 MIT 3 2016-01-27 - 17:23 about 8 years
1.7.6 MIT 3 2016-01-27 - 10:59 about 8 years
1.7.5 MIT 3 2016-01-26 - 21:42 about 8 years
1.7.2 MIT 3 2015-12-31 - 02:09 about 8 years
1.7.1 MIT 3 2015-12-11 - 20:46 over 8 years
1.7.0 MIT 3 2015-12-07 - 12:52 over 8 years
1.6.9 MIT 3 2015-12-04 - 21:27 over 8 years
1.6.8 MIT 3 2015-11-27 - 14:57 over 8 years
1.6.7 MIT 3 2015-11-26 - 11:32 over 8 years
1.6.6 MIT 3 2015-11-25 - 15:46 over 8 years
1.6.5 MIT 3 2015-10-24 - 10:18 over 8 years
1.6.4 MIT 3 2015-10-24 - 10:08 over 8 years
1.6.3 MIT 3 2015-10-16 - 09:49 over 8 years
1.6.2 MIT 3 2015-10-15 - 14:22 over 8 years
1.5.4 MIT 3 2015-11-24 - 17:03 over 8 years
1.5.3 MIT 3 2015-09-24 - 12:04 over 8 years
1.5.2 MIT 3 2015-08-25 - 20:39 over 8 years
1.5.1 MIT 3 2015-08-23 - 14:38 over 8 years
1.5.0 MIT 3 2015-08-23 - 13:27 over 8 years
1.4.2 MIT 3 2015-11-24 - 17:08 over 8 years
1.4.1 MIT 3 2015-04-01 - 07:40 almost 9 years
1.4.0 MIT 3 2015-03-30 - 22:50 almost 9 years
1.3.12 MIT 3 2014-09-28 - 16:39 over 9 years
1.3.11 MIT 3 2014-09-18 - 00:25 over 9 years
1.3.10 MIT 3 2014-09-13 - 14:52 over 9 years
1.3.9 MIT 3 2014-08-06 - 19:38 over 9 years
1.3.8 MIT 3 2014-07-11 - 20:49 over 9 years
1.3.7 MIT 3 2014-07-04 - 12:07 over 9 years
1.3.6 MIT 3 2014-07-02 - 13:07 over 9 years
1.3.5 MIT 3 2014-06-08 - 10:15 almost 10 years
1.3.4 MIT 3 2014-06-02 - 14:22 almost 10 years
1.3.3 MIT 3 2014-04-24 - 20:58 almost 10 years
1.3.2 MIT 3 2014-04-07 - 09:30 almost 10 years
1.3.1 MIT 3 2014-03-11 - 23:39 about 10 years
1.3.0 MIT 3 2014-03-11 - 11:59 about 10 years
1.2.8 MIT 3 2013-12-02 - 13:45 over 10 years
1.2.7 MIT 3 2013-09-29 - 22:07 over 10 years
1.2.6 MIT 3 2013-09-04 - 01:44 over 10 years
1.2.5 MIT 3 2013-08-28 - 21:07 over 10 years
1.2.4 MIT 3 2013-08-23 - 22:13 over 10 years
1.2.3 MIT 3 2013-08-22 - 18:10 over 10 years
1.2.2 MIT 3 2013-08-20 - 22:33 over 10 years
1.2.1 MIT 3 2013-08-19 - 18:21 over 10 years
1.2.0 MIT 3 2013-08-19 - 07:44 over 10 years
1.1.2 MIT 3 2013-08-10 - 15:11 over 10 years
1.1.1 MIT 3 2013-08-08 - 13:14 over 10 years
1.1.0 MIT 3 2013-08-03 - 16:32 over 10 years
1.0.3 MIT 3 2013-07-30 - 08:00 over 10 years
1.0.2 MIT 3 2013-07-29 - 23:18 over 10 years
1.0.1 MIT 3 2013-07-29 - 22:59 over 10 years
1.0.0 MIT 3 2013-07-23 - 00:13 over 10 years
0.10.0 MIT 3 2013-07-23 - 00:08 over 10 years
0.9.2 MIT 3 2013-04-27 - 12:01 almost 11 years
0.9.1 MIT 3 2013-04-27 - 11:04 almost 11 years
0.9.0 MIT 3 2013-04-25 - 22:18 almost 11 years
0.8.6 MIT 3 2013-04-03 - 22:54 almost 11 years
0.8.5 MIT 3 2013-03-04 - 01:54 about 11 years
0.8.4 MIT 3 2013-03-01 - 11:49 about 11 years
0.8.3 MIT 3 2013-02-27 - 10:09 about 11 years
0.8.2 MIT 3 2013-02-26 - 21:04 about 11 years
0.8.1 MIT 3 2013-02-25 - 23:40 about 11 years
0.8.0 MIT 3 2013-02-24 - 16:23 about 11 years
0.7.1 MIT 3 2013-02-18 - 22:04 about 11 years
0.7.0 MIT 3 2013-02-01 - 00:42 about 11 years
0.6.8 MIT 3 2012-12-14 - 11:05 over 11 years
0.6.7 MIT 3 2012-12-10 - 17:57 over 11 years
0.6.6 MIT 3 2012-12-03 - 22:34 over 11 years
0.6.5 MIT 3 2012-12-01 - 14:37 over 11 years
0.6.4 MIT 3 2012-11-30 - 00:52 over 11 years
0.6.3 MIT 3 2012-11-24 - 15:37 over 11 years
0.6.2 MIT 3 2012-11-23 - 09:24 over 11 years
0.6.1 MIT 3 2012-11-23 - 01:44 over 11 years
0.6.0 MIT 3 2012-11-21 - 23:31 over 11 years
0.5.1 MIT 3 2012-11-20 - 21:29 over 11 years
0.5.0 MIT 3 2012-11-19 - 20:20 over 11 years
0.4.0 MIT 3 2012-11-12 - 01:12 over 11 years
0.3.2 MIT 3 2012-11-04 - 18:42 over 11 years
0.3.1 MIT 3 2012-10-31 - 17:59 over 11 years
0.3.0 MIT 3 2012-10-22 - 22:41 over 11 years
0.2.0 MIT 3 2012-09-25 - 20:56 over 11 years
0.1.3 MIT 3 2012-09-18 - 17:38 over 11 years
0.1.2 MIT 3 2012-09-16 - 21:38 over 11 years
0.1.0 MIT 3 2012-09-04 - 23:58 over 11 years