Identifier

CVE-2017-18869

Package Slug

npm/chownr

Vulnerability

Time-of-check Time-of-use (TOCTOU) Race Condition

Description

A TOCTOU issue in the chownr package for Node.js could allow a local attacker to trick it into descending into unintended directories via symlink attacks.

Affected Versions

All versions before 1.1.0

Solution

Upgrade to version 1.1.0 or above.

Last Modified

2020-06-18

source