It was discovered that npm/fstream incorrectly handled certain crafted tarballs. An attacker could use this vulnerability to write aritrary files to the filesystem.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.0.10-1ubuntu0.18.04.1", "binary_name": "node-fstream" } ] }