Do your applications use this vulnerable package?
Test your applications
Overview
lam
is Local app.
Affected versions of the package are vulnerable to Arbitrary File Write.
Thanks to Liang Gong for disclosing this vulnerability!
Remediation
There is no fix version for lam
.
References
CVSS Score
7.3
high severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityLow
-
IntegrityLow
-
AvailabilityLow
- Credit
- Liang Gong
- CWE
- CWE-626
- Snyk ID
- npm:lam:20170510
- Disclosed
- 10 May, 2017
- Published
- 07 Jun, 2017