Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
tmp does not restrict arbitrary temporary file / directory write via symbolic link `dir` parameter
Vulnerability Description
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Vulnerability Title
tmp 安全漏洞
Vulnerability Description
tmp是KARASZI István个人开发者的一个node.js的临时文件和目录创建器。 tmp 0.2.3及之前版本存在安全漏洞,该漏洞源于符号链接参数可能导致任意临时文件或目录写入。
CVSS Information
N/A
Vulnerability Type
N/A