14 lines
1.1 KiB
JSON
14 lines
1.1 KiB
JSON
{
|
|
"id": "openEuler-SA-2022-2084",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2084",
|
|
"title": "An update for nodejs-fstream is now available for openEuler-22.03-LTS",
|
|
"severity": "Important",
|
|
"description": "Provides advanced file system stream objects for Node.js. These objects are like FS streams, but with stat on them, and support directories and symbolic links, as well as normal files. Also, you can use them to set the stats on a file, even if you don't change its contents, or to create a symlink, etc.\r\n\r\nSecurity Fix(es):\r\n\r\nfstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.(CVE-2019-13173)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2019-13173",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13173",
|
|
"severity": "Important"
|
|
}
|
|
]
|
|
} |