Vulnerabilities > Npmjs > Arborist > 1.0.3

DATE CVE VULNERABILITY TITLE RISK
2021-08-31 CVE-2021-39134 Improper Handling of Case Sensitivity vulnerability in multiple products
`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder.
local
low complexity
npmjs oracle siemens CWE-178
7.8
7.8
2021-08-31 CVE-2021-39135 UNIX Symbolic Link (Symlink) Following vulnerability in multiple products
`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder.
local
low complexity
npmjs oracle siemens CWE-61
7.8
7.8