GMS-2020-82: Unauthorized File Access in atompm

September 11, 2020 (updated September 28, 2021)

Versions of atompm are vulnerable to Unauthorized File Access. The package fails to sanitize relative paths in the URL for file downloads, allowing attackers to download arbitrary files from the system. Upgrade to or later.

References

github.com/advisories/GHSA-v86x-f47q-f7f4
www.npmjs.com/advisories/959

Detect and mitigate GMS-2020-82 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →