CVE-2019-13173

Опубликовано: 02 июл. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 6.4

EPSS Низкий

Описание

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00052.html
https://github.com/npm/fstream/commit/6a77d2fa6e1462693cf8e46f930da96ec1b0bb22
Patch
Third Party Advisory
https://usn.ubuntu.com/4123-1/
https://www.npmjs.com/advisories/886
Patch
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00052.html
https://github.com/npm/fstream/commit/6a77d2fa6e1462693cf8e46f930da96ec1b0bb22
Patch
Third Party Advisory
https://usn.ubuntu.com/4123-1/
https://www.npmjs.com/advisories/886
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fstream_project:fstream:*:*:*:*:*:node.js:*:*

Версия до 1.0.12 (исключая)

EPSS

Процентиль: 62%

0.0043

Низкий

7.5 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-59

Связанные уязвимости

CVE-2019-13173

CVSS3: 7.5

ubuntu

больше 6 лет назад

CVE-2019-13173

CVSS3: 7.3

redhat

больше 6 лет назад

CVE-2019-13173

CVSS3: 7.5

debian

больше 6 лет назад

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extra ...

openSUSE-SU-2019:1907-1

suse-cvrf

больше 6 лет назад

Security update for nodejs8

openSUSE-SU-2019:1846-1

suse-cvrf

больше 6 лет назад

Security update for nodejs10

EPSS

Процентиль: 62%

0.0043

Низкий

7.5 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-59