Vulnerability Details CVE-2017-18869
A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.3%
CVSS Severity
CVSS v3 Score 2.5
CVSS v2 Score 1.9
References
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863985
- https://bugzilla.redhat.com/show_bug.cgi?id=1611614
- https://github.com/isaacs/chownr/issues/14
- https://snyk.io/vuln/npm:chownr:20180731
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863985
- https://bugzilla.redhat.com/show_bug.cgi?id=1611614
- https://github.com/isaacs/chownr/issues/14
- https://snyk.io/vuln/npm:chownr:20180731
Products affected by CVE-2017-18869
-
cpe:2.3:a:chownr_project:chownr:0.0.1
-
cpe:2.3:a:chownr_project:chownr:0.0.2
-
cpe:2.3:a:chownr_project:chownr:1.0.0
-
cpe:2.3:a:chownr_project:chownr:1.0.1