Time of Check Time of Use (TOCTOU)
Affecting chownr package, ALL versions
medium severity
Overview
Affected versions of chownr are vulnerable to Time of Check Time of Use (TOCTOU). It does not dereference symbolic links and changes the owner of the link.
Remediation
There is no fix version for chownr.
References
Do your applications use this vulnerable package?
- Credit
- pravi
- CWE
- CWE-264
- Snyk ID
- npm:chownr:20180731
- Disclosed
- 31 Jul, 2018
- Published
- 31 Jul, 2018