2 matches found
SUSE CVE-2026-49982
tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'....
PT-2026-48678
Name of the Vulnerable Software and Affected Versions tmp version 0.2.6 Description A type-confusion issue exists in the assertPath guard. The guard only rejects string values containing the substring .., allowing it to be bypassed when prefix, postfix, or template are supplied as non-string valu...