VYPR
Low severityNVD Advisory· Published Apr 22, 2014· Updated Jun 16, 2026

CVE-2013-4116

CVE-2013-4116

Description

lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
npmnpm
< 1.3.31.3.3

Affected products

114

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.