Lucene search
K

4 matches found

OSV
OSV
added 2026/06/15 4:36 p.m.6 views

GHSA-7C78-JF6Q-G5CM tmp: Type-confusion bypass of _assertPath allows path traversal via non-string prefix/postfix/template

Summary The assertPath guard added to [email protected] rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'..' returns falsy but whose stringification still contains ../...

8.2CVSS5.6AI score0.00496EPSS
Exploits1References3
OSV
OSV
added 2026/06/11 5:16 p.m.4 views

DEBIAN-CVE-2026-44705

tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal sequences e.g., ....

8.2CVSS5.3AI score0.00354EPSS
Exploits1References1
OSV
OSV
added 2026/06/11 5:16 p.m.5 views

UBUNTU-CVE-2026-49982

tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'....

8.2CVSS5.3AI score0.00496EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/11 3:45 p.m.29 views

CVE-2026-49982 tmp: Type-confusion bypass of _assertPath in [email protected] allows path traversal via non-string prefix/postfix/template

tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'....

8.2CVSS0.00496EPSS
Exploits1References1
Rows per page
Query Builder