VYPR
Low severityNVD Advisory· Published Jun 15, 2020· Updated Aug 5, 2024

CVE-2017-18869

CVE-2017-18869

Description

A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
chownrnpm
< 1.1.01.1.0

Affected products

2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.