CVE-2017-18869

Published
View on NVD ↗
CVSS v3
2.5
LOW
CVSS v2
1.9
LOW
Affected
1
PROJECT

Description

A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.

isaacs/chownr
isaacs/chownr
Like `chown -R`
GitHubGitHub
29