Snyk reports the following High severity vulnerability in HumanCellAtlas/ingest-file-archiver. Please remediate by the end of Q1 Milestone 2.
Description
bin-links
Suggested Remediation
Upgrade bin-links to version 1.1.6 or higher.
Details
bin-links is a .bin/ script linker package. Affected versions of this package are vulnerable to Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the first binary. This only affects files in /usr/local/bin. For npm, this behaviour is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.