dredd@9.0.4

Vulnerabilities 1 via 1 paths
Dependencies 279
Source npm

high severity

Arbitrary File Overwrite

  • Vulnerable module: tar
  • Introduced through: dredd-transactions@7.0.0

Detailed paths

  • Introduced through: dredd@9.0.4 > dredd-transactions@7.0.0 > fury-adapter-apib-parser@0.13.0-beta > drafter@2.0.0-pre.1 > protagonist@2.0.0-pre.5 > node-gyp@3.8.0 > tar@2.2.1

Overview

tar is a full-featured Tar for Node.js.

Affected versions of this package are vulnerable to Arbitrary File Overwrite. Extracting a tarball that contains a hard link to a file that already exists on the system, together with a file that matches the hard link, may overwrite files on the system with the contents of the extracted file.

Remediation

Upgrade tar to version 4.4.2 or higher.
