Vulnerability report for inventwo/iobroker.vis-icontwo

Vulnerabilities	1 via 2 paths
Dependencies	293
Source	GitHub
Commit	255e9130

Detailed paths

Introduced through: iobroker.vis-icontwo@inventwo/iobroker.vis-icontwo#255e91300e99dd8781816334478ec43eb315ed17 › np@10.2.0 › listr-input@0.2.1 › inquirer@7.3.3 › external-editor@3.1.0 › tmp@0.0.33
Introduced through: iobroker.vis-icontwo@inventwo/iobroker.vis-icontwo#255e91300e99dd8781816334478ec43eb315ed17 › np@10.2.0 › listr-input@0.2.1 › inquirer-autosubmit-prompt@0.2.0 › inquirer@6.5.2 › external-editor@3.1.0 › tmp@0.0.33

Overview

Affected versions of this package are vulnerable to Symlink Attack via the dir parameter. An attacker can cause files or directories to be written to arbitrary locations by supplying a crafted symbolic link that resolves outside the intended temporary directory.

PoC

const tmp = require('tmp');

const tmpobj = tmp.fileSync({ 'dir': 'evil-dir'});
console.log('File: ', tmpobj.name);

try {
    tmp.fileSync({ 'dir': 'mydir1'});
} catch (err) {
    console.log('test 1:', err.message)
}

try {
    tmp.fileSync({ 'dir': '/foo'});
} catch (err) {
    console.log('test 2:', err.message)
}

try {
    const fs = require('node:fs');
    const resolved = fs.realpathSync('/tmp/evil-dir');
    tmp.fileSync({ 'dir': resolved});
} catch (err) {
    console.log('test 3:', err.message)
}

Remediation

Upgrade tmp to version 0.2.4 or higher.

References

GitHub Commit

Vulnerabilities

Dependencies

Source

Commit

Find, fix and prevent vulnerabilities in your code.

medium severity

new

Symlink Attack

Detailed paths

Overview

PoC

Remediation

References

Vulnerabilities

Dependencies

Source

Commit

Find, fix and prevent vulnerabilities in your code.

medium severity new

Symlink Attack

Detailed paths

Overview

PoC

Remediation

References

medium severity

new