All the vulnerabilities related to the version 0.9.1 of the package
closurecompiler downloads Resources over HTTP
Affected versions of closurecompiler insecurely download an executable over an unencrypted HTTP connection.
In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running closurecompiler.
Update to version 1.6.1 or later.
Arbitrary File Overwrite in fstream
Versions of fstream prior to 1.0.12 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
Upgrade to version 1.0.12 or later.
