A TOCTOU issue in the chownr package prior to 1.1.0 for Node.js 10.10 could allow a local malicious user to trick it into descending into unintended directories via symlink attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
chownr project chownr |