Low severity · NVD Advisory · Published Jun 15, 2020 · Updated Aug 5, 2024
CVE-2017-18869
Description
A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| chownr (npm) | < 1.1.0 | 1.1.0 |
Affected products
- Node.js/chownr (description)
References
- github.com/advisories/GHSA-c6rq-rjc2-86v2 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-18869 (ghsa, ADVISORY)
- bugs.debian.org/cgi-bin/bugreport.cgi (ghsa, x_refsource_MISC, WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa, x_refsource_MISC, WEB)
- github.com/isaacs/chownr/commit/36a93e3f0a220062c47b237cf6ab6d5f55cd79c9 (ghsa, WEB)
- github.com/isaacs/chownr/commit/a631d841022880e5c8d694408a7e96d6d576d0ce (ghsa, WEB)
- github.com/isaacs/chownr/issues/14 (ghsa, x_refsource_MISC, WEB)
- snyk.io/vuln/npm:chownr:20180731 (ghsa, x_refsource_MISC, WEB)