All 3 CVE vulnerabilities found in node-tmp, with AI-generated Chinese analysis, references, and POCs.
Vendor: raszi
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-49982 | tmp: Type-confusion bypass of _assertPath in tmp@0.2.6 allows path traversal via non-string prefix/postfix/template CWE-20 | 8.2 | High | 2026-06-11 |
| CVE-2026-44705 | tmp: Path Traversal via unsanitized prefix/postfix enables directory escape CWE-22 | - | - | 2026-06-11 |
| CVE-2025-54798 | tmp does not restrict arbitrary temporary file / directory write via symbolic link `dir` parameter CWE-59 | 2.5 | Low | 2025-08-07 |
All 3 known CVE vulnerabilities affecting node-tmp with full Chinese analysis, references, and POCs where available.