Описание
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| node-tmp | fixed | 0.2.2+dfsg+~0.2.3-1.1 | package | |
| node-tmp | no-dsa | trixie | package | |
| node-tmp | no-dsa | bookworm | package |
Примечания
https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6
https://github.com/raszi/node-tmp/issues/207
https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b (v0.2.4)
EPSS
Связанные уязвимости
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
EPSS