Bower before 1.8.8 has a path traversal vulnerability in the install command that permits file writes to arbitrary locations: when a malicious package is extracted, an attacker can write arbitrary files.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| bower (npm) | 0 | 1.8.8 | N/A |
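
The kind of check that stops an extraction-time path traversal like the one described above, as an added example that is not Bower's code or its actual fix: each archive entry name is resolved against the install directory and rejected if it lands outside it. The directory, function names and entry listing are constructed for illustration.

```javascript
// Added example, not Bower's code. All names and sample entries are constructed.
const path = require('node:path');

// Naive join: what an extractor effectively does when it trusts entry names.
function naiveTarget(destDir, entryName) {
  return path.join(destDir, entryName);
}

// Hardened: resolve the entry against destDir and require the result to stay
// inside it. Returns the absolute target path, or null if the entry escapes.
function safeTarget(destDir, entryName) {
  const root = path.resolve(destDir);
  // Normalise backslashes so "..\\..\\x" is not treated as one odd file name.
  const name = entryName.replace(/\\/g, '/');
  if (name.includes('\0') || path.isAbsolute(name)) return null;
  const target = path.resolve(root, name);
  // path.relative avoids the prefix bug where "/a/pkg-evil" startsWith "/a/pkg".
  const rel = path.relative(root, target);
  const escapes = rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  // rel === '' means the entry is the install directory itself, not a file in it.
  return rel === '' || escapes ? null : target;
}

// Splits an archive listing into entries safe to write and entries to reject.
function auditEntries(destDir, entryNames) {
  const accepted = [];
  const rejected = [];
  for (const name of entryNames) {
    (safeTarget(destDir, name) ? accepted : rejected).push(name);
  }
  return { accepted, rejected };
}

// Constructed sample listing for a hypothetical package archive.
const DEST = '/srv/app/bower_components/pkg';
const SAMPLE_ENTRIES = [
  'bower.json',
  'dist/lib.js',
  './docs/../README.md',            // stays inside after normalisation
  '../../../.bashrc',               // climbs out of the install directory
  '/etc/cron.d/job',                // absolute path
  '../pkg-evil/index.js',           // sibling directory sharing the prefix
  'dist\\..\\..\\..\\outside.txt',  // backslash-separated traversal
];

console.log(auditEntries(DEST, SAMPLE_ENTRIES));
```

A name check alone does not cover link entries inside an archive; an extractor also has to validate link targets before writing through them.
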
CVSS Metrics