Npm Arborist vulnerabilities
2 known vulnerabilities affecting npm/arborist.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2021-39135HIGHCVSS 7.8fixed in 2.8.22021-08-31
CVE-2021-39135 [HIGH] CWE-61 CVE-2021-39135: `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder
`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents
cvelistv5nvd
CVE-2021-39134HIGHCVSS 7.8fixed in 2.8.22021-08-31
CVE-2021-39134 [HIGH] CWE-61 CVE-2021-39134: `@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` fold
`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving depend
cvelistv5nvd