GMS-2020-103: Symlink reference outside of node_modules in bin-links

September 4, 2020

Versions of bin-links are vulnerable to a Symlink reference outside of node_modules. It is possible to create symlinks to files outside of thenode_modules folder through the bin field. This may allow attackers to access unauthorized files.

References

github.com/advisories/GHSA-2mj8-pj3j-h362
www.npmjs.com/advisories/1435

Code Behaviors & Features

Detect and mitigate GMS-2020-103 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →