Google Cloud Dataform Path Traversal Vulnerability in NPM Package Installation

Vulnerability

A path traversal vulnerability has been identified in the NPM package installation process of Google Cloud Dataform. This vulnerability allows remote attackers to read and write files in other customers' repositories by using a maliciously crafted package.json file.

Impact

Exploitation of this vulnerability could give an attacker unauthorized read and write access to files in affected customers' repositories.

Added: Aug 25, 2025, 7:17 AM
Updated: Aug 25, 2025, 7:17 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 6.4
remediation: 0.0
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.