CVE-2021-39134 - log back

CVE-2021-39134 edited at 31 Aug 2021 20:10:22
Remote
- Unknown
+ Local
CVE-2021-39134 created at 31 Aug 2021 19:58:48
Severity
+ Medium
Remote
+ Unknown
Type
+ Arbitrary code execution
Description
+ The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'npmcli/arborist' before version 2.8.2 is vulnerable to Arbitrary File Creation, Arbitrary File Overwrite in Arbitrary Code Execution in case-insensitive file systems.
References
+ https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/
+ https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
Notes
+ Even though the advisory only mentions Windows's and MacOS's filesystems as case insensitive an ext4 file system can be configured to be case-insensitive.
+
+ https://lwn.net/Articles/784041/