Back to bug 1999744
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Guilherme de Almeida Suckevicz | 2021-08-31 16:58:26 UTC | Blocks | 1999749 | |
| RaTasha Tillery-Smith | 2021-09-01 18:48:31 UTC | Doc Text | A flaw was found in nodejs-arborist. On case-insensitive file systems (such as macOS and Windows), Arborist’s internal data structure did not see multiple dependencies as separate items that could coexist within the same level in the node_modules hierarchy when they differ only in the case of their name. This issue, combined with a symlink dependency such as file:/some/path, allows an attacker to create a situation in which arbitrary contents are written to any location on the filesystem. The highest threat from this vulnerability is to integrity and system availability. | |
| Cedric Buissart | 2021-12-06 13:34:38 UTC | CC | hhorak, jorton, nodejs-maint, zsvetlik | |
| Cedric Buissart | 2021-12-06 16:25:38 UTC | Fixed In Version | nodejs-npmcli-arborist 2.8.2, npm 7.21.0 | |
| Cedric Buissart | 2021-12-06 18:45:18 UTC | CC | mrunge, nodejs-sig, sgallagh, thrcka | |
| Cedric Buissart | 2021-12-06 18:45:39 UTC | Depends On | 2029556 | |
| Cedric Buissart | 2021-12-06 19:03:12 UTC | CC | psegedy | |
| Red Hat Bugzilla | 2023-07-07 08:31:45 UTC | Assignee | security-response-team | nobody |
Back to bug 1999744