Skip to content
This repository has been archived by the owner on Jul 3, 2019. It is now read-only.

Vulnerability chownr@1.0.1 #142

Open
trollepierre opened this issue Sep 12, 2018 · 2 comments
Open

Vulnerability chownr@1.0.1 #142

trollepierre opened this issue Sep 12, 2018 · 2 comments

Comments

@trollepierre
Copy link

Medium severity vuln found in chownr@1.0.1, introduced via cacache@11.2.0
Description: Time of Check Time of Use (TOCTOU)
Info: https://snyk.io/vuln/npm:chownr:20180731
From: cacache@11.2.0 > chownr@1.0.1
@gluons
Copy link

gluons commented Sep 22, 2018
edited

This problem has been reported in isaacs/chownr#14.
It's partially solved in 1.1.0. But it still isn't completely gone.

Maybe cacache can use new chownr? 🤔

@bbigras
Copy link

bbigras commented Dec 3, 2018

Any progress on this?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bbigras @gluons @trollepierre