Time of Check Time of Use (TOCTOU)

Affecting chownr package, ALL versions

medium severity

Overview

Affected versions of chownr are vulnerable to Time of Check Time of Use (TOCTOU). It does not dereference symbolic links and changes the owner of the link.

Remediation

There is no fix version for chownr.

References

Do your applications use this vulnerable package?

Credit
pravi
CWE
CWE-264
Snyk ID
npm:chownr:20180731
Disclosed
31 Jul, 2018
Published
31 Jul, 2018