The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'npmcli/arborist' before version 2.8.2 is vulnerable to Arbitrary File Creation, Arbitrary File Overwrite in Arbitrary Code Execution in case-insensitive file systems.
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'npmcli/arborist' before version 2.8.2 is vulnerable to Arbitrary File Creation, Arbitrary File Overwrite in Arbitrary Code Execution in case-insensitive file systems.
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/ https://github.com/npm/arborist/security/advisories/GHSA-2h4h-q99f-3fhc
Even though the advisory only mentions Windows's and MacOS's filesystems as case insensitive an ext4 file system can be configured to be case-insensitive. https://lwn.net/Articles/784041/