From 8fb76afcf5425b07f1b740aa5784cb41676ef862 Mon Sep 17 00:00:00 2001
From: Mauripache <40329981+Mauripache@users.noreply.github.com>
Date: Mon, 2 Feb 2026 17:00:25 -0300
Subject: [PATCH] Improve GHSA-3966-f6p6-2qr9
---
 .../GHSA-3966-f6p6-2qr9.json | 22 +++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/advisories/unreviewed/2026/01/GHSA-3966-f6p6-2qr9/GHSA-3966-f6p6-2qr9.json b/advisories/unreviewed/2026/01/GHSA-3966-f6p6-2qr9/GHSA-3966-f6p6-2qr9.json
index 219af4dda102d..27ecc48eb60fa 100644
--- a/advisories/unreviewed/2026/01/GHSA-3966-f6p6-2qr9/GHSA-3966-f6p6-2qr9.json
+++ b/advisories/unreviewed/2026/01/GHSA-3966-f6p6-2qr9/GHSA-3966-f6p6-2qr9.json
@@ -1,11 +1,12 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-3966-f6p6-2qr9",
- "modified": "2026-01-23T06:31:24Z",
+ "modified": "2026-01-23T06:31:32Z",
 "published": "2026-01-23T06:31:24Z",
 "aliases": [
 "CVE-2026-0775"
 ],
+ "summary": "CVE-2026-0775",
 "details": "npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25430.",
 "severity": [
 {
@@ -13,7 +14,24 @@
 "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
 }
 ],
- "affected": [],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "npm"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "type": "ADVISORY",
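Review bot: The added `summary` in the first hunk only repeats the alias `CVE-2026-0775`, so any tool that shows the summary as the advisory title tells the reader nothing about the product or the impact. A short descriptive title taken from the first sentence of `details` would serve triage better, for example `"summary": "npm cli Incorrect Permission Assignment Local Privilege Escalation",`. Separately, `modified` moves only eight seconds to 2026-01-23T06:31:32Z while the patch is dated 2026-02-02; if that field is maintained by hand rather than by tooling, it should carry the time of this edit.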
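Review bot: The new `affected` entry in the second hunk has a single `"introduced": "0"` event and no `fixed` or `last_affected` event, which under OSV range semantics marks every published version of the `npm` package as vulnerable with no upgrade path. The `details` text names no version, so the range cannot be checked against anything in this record, and scanners consuming it would presumably flag every installation. If a patched or last-affected release is known, add it after the introduced event, e.g. `{ "fixed": "<FIXED_VERSION>" }` (placeholder, not a real version). If no bound is known yet, a reference that supports the all-versions claim should accompany the range.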