Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2019-5484
PUBLISHED
More InfoOfficial Page
Assigner-hackerone
Assigner Org ID-36234546-b8fa-4601-9d6f-f4e334aa8ea1
View Known Exploited Vulnerability (KEV) details
Published At-13 Sep, 2019 | 17:30
Updated At-04 Aug, 2024 | 19:54
Rejected At-
▼CVE Numbering Authority (CNA)

Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted.

Affected Products
Vendor
n/a
Product
bower
Versions
Affected
  • Fixed in >=1.8.8
Problem Types
TypeCWE IDDescription
CWECWE-22Path Traversal (CWE-22)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://hackerone.com/reports/473811
x_refsource_MISC
https://snyk.io/blog/severe-security-vulnerability-in-bowers-zip-archive-extraction
x_refsource_MISC
https://github.com/bower/bower/commit/45c6bfa86f6e57731b153baca9e0b41a1cc699e3
x_refsource_MISC
https://lists.apache.org/thread.html/r8ba4c628fba7181af58817d452119481adce4ba92e889c643e4c7dd3%40%3Ccommits.netbeans.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rb5ac16fad337d1f3bb7079549f97d8166d0ef3082629417c39f12d63%40%3Cnotifications.netbeans.apache.org%3E
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://hackerone.com/reports/473811
x_refsource_MISC
x_transferred
https://snyk.io/blog/severe-security-vulnerability-in-bowers-zip-archive-extraction
x_refsource_MISC
x_transferred
https://github.com/bower/bower/commit/45c6bfa86f6e57731b153baca9e0b41a1cc699e3
x_refsource_MISC
x_transferred
https://lists.apache.org/thread.html/r8ba4c628fba7181af58817d452119481adce4ba92e889c643e4c7dd3%40%3Ccommits.netbeans.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rb5ac16fad337d1f3bb7079549f97d8166d0ef3082629417c39f12d63%40%3Cnotifications.netbeans.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
Details not found