Severity |
|
Remote |
|
Type |
+ |
Arbitrary code execution |
|
Description |
+ |
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'npmcli/arborist' before version 2.8.2 is vulnerable to Arbitrary File Creation, Arbitrary File Overwrite in Arbitrary Code Execution in case-insensitive file systems. |
|
References |
+ |
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/ |
+ |
https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc |
|
Notes |
+ |
Even though the advisory only mentions Windows's and MacOS's filesystems as case insensitive an ext4 file system can be configured to be case-insensitive. |
+ |
|
+ |
https://lwn.net/Articles/784041/ |
|