CNNVD-202508-647 Information

CNNVD ID

CNNVD-202508-647

Related CVE

CVE-2025-54798

• CNNVD Published: 2025-08-07

Description (Chinese)

tmp是KARASZI István个人开发者的一个node.js的临时文件和目录创建器。 tmp 0.2.3及之前版本存在安全漏洞，该漏洞源于符号链接参数可能导致任意临时文件或目录写入。

Description (English)

tmp is a temporary file and catalogue creator of Node.js by KARASZI István personal developer. There is a security loophole in the tmp 0.2.3 and previous versions, which stems from symbolic link parameters that may lead to any temporary file or directory writing.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-08-07

Last Modified

2026-02-24

References

https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b https://github.com/raszi/node-tmp/issues/207 https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6

Patch

https://github.com/raszi/node-tmp/tags