EUVD-2018-0725

Malware in sbrugna...

GHSA-38H8-X697-GH8Q Tmp files readable by other users in sync-exec

Affected versions of sync-exec use files located in /tmp/ to buffer command results before returning values. As /tmp/ is almost always set with world readable permissions, this may allow low privilege users on the system to read the results of commands run via sync-exec under a higher privilege...

5aces-service-registry (=1.0.1), 5aces-service-root (>=1.0.1 <=1.0.3) +964 more potentially affected by CVE-2017-16024 via sync-exec (>=0.3.2 <=0.6.2)

sync-exec NPM version =0.3.2, =1.0.1, =3.0.0, =3.2.0, =1.0.0, =1.0.0, =1.0.0, =0.1.5, =2.3.5, =0.1.12-alpha.0, =0.0.2, =0.0.3 and more Source cves: CVE-2017-16024 Source advisory: OSV:GHSA-38H8-X697-GH8Q...

Tmp files readable by other users in sync-exec

Affected versions of sync-exec use files located in /tmp/ to buffer command results before returning values. As /tmp/ is almost always set with world readable permissions, this may allow low privilege users on the system to read the results of commands run via sync-exec under a higher privilege...

sync-exec information disclosure vulnerability

sync-exec is a synchronized executable with status code support. A security vulnerability exists in sync-exec versions prior to 0.11.9, which stems from another user on the server having read access to the tmp directory. An attacker can use this vulnerability to obtain sensitive file information ...

CVE-2017-16024

The sync-exec module is used to simulate childprocess.execSync in node versions 0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential informati...

CVE-2017-16024

The sync-exec module is used to simulate childprocess.execSync in node versions 0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential informati...

Buffer overflow

The sync-exec module is used to simulate childprocess.execSync in node versions 0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential informati...

CVE-2017-16024

The sync-exec module is used to simulate childprocess.execSync in node versions 0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential informati...

CVE-2017-16024

The CVE-2017-16024 entry concerns the sync-exec module, used to simulate Node.js child_process.execSync in Node versions

Information Disclosure

sync-exec is vulnerable to information disclosure attacks. It uses a world readable tmp directory as a buffer before returning values. Since this directory is world-readable, any other user on the server is able to read the temporary files while they exist, potentially obtaining confidential...

Tmp files readable by other users

Overview Affected versions of sync-exec use files located in /tmp/ to buffer command results before returning values. As /tmp/ is almost always set with world readable permissions, this may allow low privilege users on the system to read the results of commands run via sync-exec under a higher...