VYPR

npm package

chownr

pkg:npm/chownr

Vulnerabilities (1)

  • CVE-2017-18869Jun 15, 2020
    affected < 1.1.0fixed 1.1.0

    A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.