{"id":"CVE-2018-7408","details":"An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as \"next: 5.7.0\" and therefore automatically installed by an \"npm upgrade -g npm\" command, and also announced in the vendor's blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a \"correctMkdir\" issue.","aliases":["GHSA-ph34-pc88-72gc"],"modified":"2026-05-17T11:54:51.729697320Z","published":"2018-02-22T18:29:00.253Z","related":["CGA-f896-4842-p6h5"],"database_specific":{},"references":[{"type":"ADVISORY","url":"http://blog.npmjs.org/post/171169301000/v571"},{"type":"ADVISORY","url":"https://github.com/npm/npm/commit/74e149da6efe6ed89477faa81fef08eee7999ad0"},{"type":"REPORT","url":"https://github.com/npm/npm/issues/19883"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}