GHSA-v86x-f47q-f7f4 – atompm

Package

Manager: npm
Name: atompm
Vulnerable Version: >=0 <0.8.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Unauthorized File Access in atompm Versions of `atompm` prior to 0.8.2 are vulnerable to Unauthorized File Access. The package fails to sanitize relative paths in the URL for file downloads, allowing attackers to download arbitrary files from the system. ## Recommendation Upgrade to version 0.8.2 or later.

Metadata

Created: 2020-09-11T21:09:24Z
Modified: 2020-08-31T18:42:01Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-v86x-f47q-f7f4/GHSA-v86x-f47q-f7f4.json
CWE IDs: ["CWE-200"]
Alternative ID: N/A
Finding: F017
Auto approve: 1