dredd-transactions@8.1.1

Vulnerabilities 1 via 1 paths
Dependencies 189
Source npm

high severity

Arbitrary File Overwrite

  • Vulnerable module: tar
  • Introduced through: fury-adapter-apib-parser@0.14.0

Detailed paths

  • Introduced through: dredd-transactions@8.1.1 > fury-adapter-apib-parser@0.14.0 > drafter@2.0.0-pre.1 > protagonist@2.0.0-pre.5 > node-gyp@3.8.0 > tar@2.2.1

Overview

tar is a full-featured Tar for Node.js.

Affected versions of this package are vulnerable to Arbitrary File Overwrite. Extracting a tarball that contains a hard link to a file that already exists on the system, together with a file that matches the hard link, may overwrite the system's files with the contents of the extracted file.

Remediation

Upgrade tar to version 4.4.2 or higher.
