CVE-2017-18869 Information
Feb 14, 2021
cve
Description
A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Reference
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863985
https://bugzilla.redhat.com/show_bug.cgi?id=1611614
https://github.com/isaacs/chownr/issues/14
https://snyk.io/vuln/npm:chownr:20180731
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
Base Score
2.5
Base Severity
LOW