4 matches found
Race Condition Enabling Link Following
Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following in the handling of procfs file writes. An attacker can cause arbitrary writes to sensitive files or trigger a denial of service by redirecting write operations through race conditions and...
Race Condition Enabling Link Following
Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following in the handling of procfs file writes. An attacker can cause arbitrary writes to sensitive files or trigger a denial of service by redirecting write operations through race conditions and...
GHSA-6XV5-86Q9-7XR8 SecureJoin: on windows, paths outside of the rootfs could be inadvertently produced
Impact For Windows users of github.com/cyphar/filepath-securejoin, until v0.2.4 it was possible for certain rootfs and path combinations in particular, where a malicious Unix-style /-separated unsafe path was used with a Windows-style rootfs path to result in generated paths that were outside of...
SecureJoin: on windows, paths outside of the rootfs could be inadvertently produced
Impact For Windows users of github.com/cyphar/filepath-securejoin, until v0.2.4 it was possible for certain rootfs and path combinations in particular, where a malicious Unix-style /-separated unsafe path was used with a Windows-style rootfs path to result in generated paths that were outside of...