GHSA-vw7g-jq9m-3q9v

Опубликовано: 02 сент. 2020

Источник: github

Github: Прошло ревью

Описание

Unauthorized File Access in glance

Versions of glance prior to 3.0.7 are vulnerable to Unauthorized File Access. The package provides a --nodot option meant to hide files and directories with names that begin with a ., such as .git but fails to hide files inside a folder that begins with ..

Recommendation

Upgrade to version 3.0.7 or later.

Ссылки

https://hackerone.com/reports/490379
https://www.npmjs.com/advisories/811

Пакеты

Наименование

glance

npm

Затронутые версииВерсия исправления

< 3.0.7

3.0.7