npm package
chownr
pkg:npm/chownr
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-18869 | — | < 1.1.0 | 1.1.0 | Jun 15, 2020 | A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks. |
- CVE-2017-18869Jun 15, 2020affected < 1.1.0fixed 1.1.0
A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.