Source: Red Hat (redhat.com), RH:CVE-2021-39134
History: Sep 01, 2021 - 7:01 p.m.

CVE-2021-39134

access.redhat.com

EPSS: 0.001 (Low), percentile 28.2%

A flaw was found in nodejs-arborist. On case-insensitive file systems (such as macOS and Windows), Arborist’s internal data structure did not see multiple dependencies as separate items that could coexist within the same level in the node_modules hierarchy when they differ only in the case of their name. This issue, combined with a symlink dependency such as file:/some/path, allows an attacker to create a situation in which arbitrary contents are written to any location on the filesystem. The highest threat from this vulnerability is to integrity and system availability.
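
A defensive check for the condition described above, as an added example (not code from Red Hat or the npm project): it scans the `packages` map of a package-lock.json (lockfileVersion 2 or 3 layout assumed) for entries at the same node_modules level whose names differ only in case, and notes whether a symlinked (`link: true`) dependency is involved. The sample data is constructed, and `toLowerCase()` stands in for the file system's case folding.

```javascript
// Added example: flag lockfile entries that would collide on a
// case-insensitive file system (macOS, Windows).
// Assumption: input is the "packages" map of a package-lock.json
// with lockfileVersion 2 or 3.
function findCaseCollisions(packages) {
  const marker = 'node_modules/';
  const groups = new Map(); // "<folded parent dir>\0<folded name>" -> entries
  for (const [path, meta] of Object.entries(packages)) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // root project or workspace folder entry
    const parent = path.slice(0, idx);
    const name = path.slice(idx + marker.length); // may be "@scope/name"
    // toLowerCase() approximates the file system's case folding.
    const key = parent.toLowerCase() + '\0' + name.toLowerCase();
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push({ path, link: meta.link === true });
  }
  const findings = [];
  for (const entries of groups.values()) {
    if (entries.length < 2) continue; // no sibling with the same folded name
    findings.push({
      paths: entries.map((e) => e.path).sort(),
      // A symlinked dependency (e.g. a file: directory spec) in the group is
      // the combination the advisory describes as dangerous.
      involvesLink: entries.some((e) => e.link),
    });
  }
  return findings;
}

// Constructed sample data, not taken from a real project.
const samplePackages = {
  '': { name: 'demo', version: '1.0.0' },
  'node_modules/foo': { resolved: '../some/path', link: true },
  'node_modules/FOO': { version: '1.0.0' },
  'node_modules/bar': { version: '2.0.0' },
  'node_modules/bar/node_modules/foo': { version: '1.2.0' },
};

console.log(JSON.stringify(findCaseCollisions(samplePackages), null, 2));
```
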