How severe is CVE-2019-16775?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2019-16775?

This is classified as CWE-61, which is a common weakness in software security.

CVE-2019-16775

MEDIUM Year: 2019

CVSS v3 Score

6.5

Medium

CVSS v2 Score

4.0

Medium

Weakness Type

CWE-61

View all →

Vulnerability Description

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

CVE-2021-1145

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this ...

CWE-612021

CVE-2021-32508

MEDIUM

CVSS:6.5(Medium)

Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parame...

CWE-612021

CVE-2021-32509

MEDIUM

CVSS:6.5(Medium)

Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path paramete...

CWE-612021

CVE-2021-4287

MEDIUM

CVSS:6.5(Medium)

A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archiv...

CWE-612021

CVE-2022-3592

MEDIUM

CVSS:6.5(Medium)

A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the ...

CWE-612022

CVE-2019-11246

MEDIUM

CVSS:6.4(Medium)

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over th...

CWE-612019

CVE-2019-16775

Vulnerability Description

Related Vulnerabilities

CVE-2021-1145

CVE-2021-32508

CVE-2021-32509

CVE-2021-4287

CVE-2022-3592

CVE-2019-11246