MiracleLinux 7 : rh-nodejs8-nodejs-8.17.0-2.el7 (AXSA:2020-200:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-200:01 advisory. nodejs-brace-expansion: Regular expression denial of service CVE-2017-18077 nodejs-chownr: TOCTOU vulnerability in chownr function in chownr.js...

EUVD-2022-0956

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2017-18869

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via...

RHEL 7 : rh-nodejs8-nodejs (RHSA-2020:2625)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2625 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

421752593pro (=5.6.0), @csltech/strong-nginx-controller (>=1.0.2 <=1.0.3) +132 more potentially affected by CVE-2017-18869 via chownr (>=0.0.1 <=1.0.1)

chownr NPM version =0.0.1, =1.0.2, =7.0.0, =0.7.2, =1.0.0, =0.0.1, =1.16.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =2.0.0, =0.0.1, =1.0.1, =1.0.3 and more Source cves: CVE-2017-18869 Source advisory: OSV:GHSA-C6RQ-RJC2-86V2...

Time-of-check Time-of-use (TOCTOU) Race Condition in chownr

A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks...

GHSA-C6RQ-RJC2-86V2 Time-of-check Time-of-use (TOCTOU) Race Condition in chownr

A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks...

MGASA-2021-0169 Updated nodejs-chownr packages fix security vulnerability

Updated nodejs-chownr package fixes security vulnerability: A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks CVE-2017-18869...

Updated nodejs-chownr packages fix security vulnerability

Updated nodejs-chownr package fixes security vulnerability: A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks CVE-2017-18869...

nodejs-chownr: TOCTOU vulnerability in `chownr` function in chownr.js

A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks...

CVE-2017-18869

A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks...

chownr package competitive conditions issue vulnerability

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine from Joyent, Inc. The platform is used to build highly scalable applications and write code that can handle tens of thousands of simultaneous connections to a physical machine. chownr package is one of the...

CVE-2017-18869

A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks...

DEBIAN-CVE-2017-18869

A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks...

CVE-2017-18869

A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks...

CVE-2017-18869

A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks...

Design/Logic Flaw

A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks...

UBUNTU-CVE-2017-18869

A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks...

CVE-2017-18869

CVE-2017-18869 : A TOCTOU vulnerability in the chownr package (Node.js 10.10) could allow a local attacker to trick the code into descending into unintended directories via symlink attacks. Root cause: TOCTOU in chownr.js. Impact: local privilege-limited access through directory traversal. Remedi...

CVE-2017-18869

A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks...