All the vulnerabilities related to the version 1.1.4 of the package
Symlink reference outside of node_modules in bin-links
Versions of bin-links prior to 1.1.5 are vulnerable to a Symlink reference outside of node_modules. It is possible to create symlinks to files outside of thenode_modules folder through the bin field. This may allow attackers to access unauthorized files.
Upgrade to version 1.1.5 or later.
Arbitrary File Write in bin-links
Versions of bin-links prior to 1.1.5 are vulnerable to an Arbitrary File Write. The package fails to restrict access to folders outside of the intended node_modules folder through the bin field. This allows attackers to create arbitrary files in the system. Note it is not possible to overwrite files that already exist.
Upgrade to version 1.1.5 or later.
Global node_modules Binary Overwrite in bin-links
Versions of bin-links prior to 1.1.6 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent globally-installed binaries to be overwritten by other package installs. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the first binary. This behavior is still allowed in local installations.
Upgrade to version 1.1.6 or later.
