NodeJS/chownr/1.0.1
like `chown -R`
https://www.npmjs.com/package/chownr
ISC
1 Security Vulnerabilities
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr
Published date: 2022-02-10T23:33:39Z
CVE: CVE-2017-18869
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2017-18869
- https://github.com/isaacs/chownr/issues/14
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863985
- https://bugzilla.redhat.com/show_bug.cgi?id=1611614
- https://snyk.io/vuln/npm:chownr:20180731
- https://github.com/advisories/GHSA-c6rq-rjc2-86v2
- https://github.com/isaacs/chownr/commit/36a93e3f0a220062c47b237cf6ab6d5f55cd79c9
- https://github.com/isaacs/chownr/commit/a631d841022880e5c8d694408a7e96d6d576d0ce
A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.
Affected versions:
["0.0.1", "0.0.2", "1.0.0", "1.0.1"]
Secure versions:
[1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 2.0.0, 3.0.0]
Recommendation:
Update to version 3.0.0.
11 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
3.0.0 | BlueOak-1.0.0 | 2024-04-06 - 21:32 | 25 days | |
2.0.0 | ISC | 2020-02-12 - 02:33 | about 4 years | |
1.1.4 | ISC | 2020-02-12 - 02:30 | about 4 years | |
1.1.3 | ISC | 2019-09-25 - 05:49 | over 4 years | |
1.1.2 | ISC | 2019-07-03 - 21:32 | almost 5 years | |
1.1.1 | ISC | 2018-09-16 - 03:14 | over 5 years | |
1.1.0 | ISC | 2018-09-16 - 00:23 | over 5 years | |
1.0.1 | ISC | 1 | 2015-08-09 - 22:24 | over 8 years |
1.0.0 | ISC | 1 | 2015-08-09 - 22:22 | over 8 years |
0.0.2 | ISC | 1 | 2015-05-20 - 07:04 | almost 9 years |
0.0.1 | BSD | 1 | 2012-06-04 - 04:01 | almost 12 years |