Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists.
CVSS Information
N/A
Vulnerability Type
不安全的临时文件
Vulnerability Title
sync-exec 安全漏洞
Vulnerability Description
sync-exec是一款具有状态码支持的同步执行程序。 sync-exec 0.11.9之前版本中存在安全漏洞,该漏洞源于服务器上的其他用户拥有tmp目录的读取权限。攻击者可利用该漏洞获取buffer/tmp目录下敏感的文件信息。
CVSS Information
N/A
Vulnerability Type
N/A