Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary node_modules Directory Deletion in Google zx
Vulnerability Description
When zx is invoked with --prefer-local=<path>, the CLI creates a symlink named ./node_modules pointing to <path>/node_modules. Due to a logic error in src/cli.ts (linkNodeModules / cleanup), the function returns the target path instead of the alias (symlink path). The later cleanup routine removes what it received, which deletes the target directory itself. Result: zx can delete an external <path>/node_modules outside the current working directory.
CVSS Information
N/A
Vulnerability Type
使用不正确的解析名称或索引
Vulnerability Title
zx 安全漏洞
Vulnerability Description
zx是Google开源的一个编写脚本的工具。 zx存在安全漏洞,该漏洞源于逻辑错误,可能导致删除外部node_modules目录。
CVSS Information
N/A
Vulnerability Type
N/A