
5 matches found

RedhatCVE
added 2024/02/14 9:30 p.m. | 96 views

CVE-2024-24828

An incorrect default permissions vulnerability was found in pkg. This issue allows an attacker who has access to /tmp/pkg/ on the local system to replace the genuine executables in the shared directory with malicious executables of the same name...

CVSS 7.3 | AI score 7 | EPSS 0.00231
Exploits: 0 | References: 4
Circl
added 2024/02/10 12:21 a.m. | 4 views

CVE-2024-24828

creationtimestamp | type | source
---|---|---
2024-02-10 00:21:30+00:00 | seen | https://t.me/ctinow/182360
2024-02-11 13:28:55+00:00 | seen | https://t.me/arpsyndicate/3387
2024-02-15 06:26:32+00:00 | seen | https://t.me/ctinow/185253
2024-03-03 09:16:26+00:00 | seen | https://t.me/ctinow/198612

...

CVSS 7.8 | AI score 7.5 | EPSS 0.00231
Exploits: 0 | References: 4
NVD
added 2024/02/09 11:15 p.m. | 30 views

CVE-2024-24828

pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by pkg are written to a hardcoded directory. On Unix systems, this is /tmp/pkg/, which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...

CVSS 7.8 | AI score 6.7 | EPSS 0.00231
Exploits: 0 | References: 2
OSV
added 2024/02/09 10:21 p.m. | 31 views

CVE-2024-24828 Local Privilege Escalation in executables bundled by pkg

pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by pkg are written to a hardcoded directory. On Unix systems, this is /tmp/pkg/, which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...

CVSS 6.6 | AI score 7.5 | EPSS 0.00231
Exploits: 0 | References: 4
vulnersOsv
added 2024/02/09 3:20 p.m. | 2 views

007putra-my-bot (=1.1.1), 8mb (>=1.0.1 <=1.1.4) +753 more potentially affected by CVE-2024-24828 via pkg (>=0.0.1-1 <=5.8.1)

pkg NPM version =0.0.1-1, =1.0.1, =0.2.0, =1.0.0, =1.0.0, =2.5.16, =2.7.7, =2.7.7, =1.0.1, =3.32.1, =1.0.20-beta, =10.38.1--canary.2299.2e83683.0, =0.8.0-rc.1, =0.2.0, =1.0.0, =1.0.2 and more Source cves: CVE-2024-24828 Source advisory: OSV:GHSA-22R3-9W55-CJ54...

CVSS 7.8 | AI score 7.1 | EPSS 0.00231
Exploits: 0