Arbitrary File Write
Affecting frvr package, ALL versions
Do your applications use this vulnerable package?
Test your applications
Overview
frvr
is Minimalist forever.
Affected versions of the package are vulnerable to Arbitrary File Write.
Thanks to Liang Gong for disclosing this vulnerability!
Remediation
There is no fix version for frvr
.
References
CVSS Score
7.3
high severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityLow
-
IntegrityLow
-
AvailabilityLow
- Credit
- Liang Gong
- CWE
- CWE-626
- Snyk ID
- npm:frvr:20170511
- Disclosed
- 11 May, 2017
- Published
- 07 Jun, 2017