Количество 2
Количество 2
CVE-2017-16024
The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists.
GHSA-38h8-x697-gh8q
Tmp files readable by other users in sync-exec
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2017-16024 The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists. | CVSS3: 6.5 | 0% Низкий | около 7 лет назад |
| GHSA-38h8-x697-gh8q Tmp files readable by other users in sync-exec | CVSS3: 6.5 | 0% Низкий | больше 6 лет назад |
Уязвимостей на страницу