CVE-2021-39134 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Arbitrary code execution
Description	The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'npmcli/arborist' before version 2.8.2 is vulnerable to Arbitrary File Creation, Arbitrary File Overwrite in Arbitrary Code Execution in case-insensitive file systems.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2461	nodejs-lts-fermium	14.17.4-1		High	Not affected
AVG-2339	nodejs-lts-erbium	12.22.4-2		High	Not affected

References
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/ https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc

Notes
Even though the advisory only mentions Windows's and MacOS's filesystems as case insensitive an ext4 file system can be configured to be case-insensitive. https://lwn.net/Articles/784041/