Insecure use of Tmp files
Affecting sync-exec package, ALL versions
sync-exec is an fs.execSync replacement for node <0.12.
Affected versions of this package use tmp directories in an insecure way. The file to create will allways return
true, regardess if the directory already exists and/or belongs to another user. Any user on the server may read the contents of this tmp file and may expose confidential information to an attacker.
There is no fix version for
Do your applications use this vulnerable package?
- Snyk ID
- 24 Jan, 2016
- 16 Apr, 2017