CVE-2017-18869 - CERT CVE

  1. CVE-2017-18869

ID CVE-2017-18869
Sažetak A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.
Reference
CVSS
Base: 1.9
Impact: 2.9
Exploitability:3.4
Pristup
VektorSloženostAutentikacija
LOCAL MEDIUM NONE
Impact
PovjerljivostCjelovitostDostupnost
NONE PARTIAL NONE
CVSS vektor AV:L/AC:M/Au:N/C:N/I:P/A:N
Zadnje važnije ažuriranje 17-06-2020 - 19:51
Objavljeno 15-06-2020 - 15:15