Описание
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | nodejs:10/nodejs | Not affected | ||
| Red Hat Mobile Application Platform 4 | nodejs-fstream | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.11 | kibana | Will not fix | ||
| Red Hat OpenShift Container Platform 4 | kibana | Will not fix | ||
| Red Hat Software Collections | rh-nodejs10-nodejs | Not affected | ||
| Red Hat Software Collections | rh-nodejs8-nodejs | Will not fix | ||
| Red Hat Virtualization 4 | ovirt-engine-api-explorer | Not affected | ||
| Red Hat Virtualization 4 | ovirt-engine-dashboard | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.3 High
CVSS3
Связанные уязвимости
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extra ...
EPSS
7.3 High
CVSS3