VYPR
High severity7.8NVD Advisory· Published Feb 22, 2018· Updated Jun 17, 2026

CVE-2018-7408

CVE-2018-7408

Description

An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a "correctMkdir" issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
npmnpm
< 5.7.15.7.1

Affected products

113

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.