3 matches found
5aces-service-registry (=1.0.1), 5aces-service-root (>=1.0.1 <=1.0.3) +965 more potentially affected by CVE-2017-16024 via sync-exec (>=0.3.2 <=0.6.2)
sync-exec NPM version =0.3.2, =1.0.1, =3.0.0, =3.2.0, =1.0.0, =1.0.0, =1.0.0, =0.1.5, =2.3.5, =0.1.12-alpha.0, =0.1.16 and more Source cves: CVE-2017-16024 Source advisory: OSV:GHSA-38H8-X697-GH8Q...
CVE-2017-16024
The sync-exec module is used to simulate childprocess.execSync in node versions 0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential informati...
CVE-2017-16024
The CVE-2017-16024 entry concerns the sync-exec module, used to simulate Node.js child_process.execSync in Node versions