| Severity |
|
| Remote |
|
| Type |
| + |
Arbitrary code execution |
|
| Description |
| + |
The 'nodejs-lts-erbium' and 'nodejs-lts-fermium' core dependency 'npmcli/arborist' before version 2.8.2 is vulnerable to Arbitrary File Creation, Arbitrary File Overwrite in Arbitrary Code Execution in case-insensitive file systems. |
|
| References |
| + |
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/ |
| + |
https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc |
|
| Notes |
| + |
Even though the advisory only mentions Windows's and MacOS's filesystems as case insensitive an ext4 file system can be configured to be case-insensitive. |
| + |
|
| + |
https://lwn.net/Articles/784041/ |
|