Description
Unauthorized File Access in atompm
Versions of atompm prior to 0.8.2 are vulnerable to Unauthorized File Access. The package fails to sanitize relative paths in the URL for file downloads, allowing attackers to download arbitrary files from the system.
Recommendation
Upgrade to version 0.8.2 or later.
Packages
Name: atompm (npm)
Affected versions: < 0.8.2
Fixed version: 0.8.2
Weaknesses
CWE-200