A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.
References
Link | Resource |
---|---|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863985 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1611614 | Permissions Required |
https://github.com/isaacs/chownr/issues/14 | Third Party Advisory |
https://snyk.io/vuln/npm:chownr:20180731 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-06-15T14:33:51
Updated: 2020-06-15T14:33:51
Reserved: 2020-06-15T00:00:00
Link: CVE-2017-18869
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-06-15T15:15:09.317
Modified: 2020-06-17T19:51:43.013
Link: CVE-2017-18869
JSON object: View
Redhat Information
No data.
CWE