Back to bug 1999745
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Guilherme de Almeida Suckevicz | 2021-08-31 16:58:26 UTC | Blocks | 1999749 | |
| Eric Christensen | 2021-09-02 13:33:39 UTC | Doc Text | A flaw was found in nodejs-arborist. Arborist could write package dependencies to any arbitrary location on the file system if an attacker had replaced a project folder with a symbolic link in the node_modules folder. The highest threat from this vulnerability is to data integrity and system availability. | |
| Laurie Morse | 2021-09-24 15:19:09 UTC | CC | lmorse | |
| Cedric Buissart | 2021-12-06 13:32:35 UTC | CC | hhorak, jorton, nodejs-maint, zsvetlik | |
| Cedric Buissart | 2021-12-06 15:29:46 UTC | Fixed In Version | nodejs-nmcli-arborist 2.8.2 | |
| Cedric Buissart | 2021-12-06 15:47:19 UTC | Fixed In Version | nodejs-nmcli-arborist 2.8.2 | nodejs-nmcli-arborist 2.8.2, npm 7.21.0 |
| Cedric Buissart | 2021-12-06 15:50:08 UTC | Fixed In Version | nodejs-nmcli-arborist 2.8.2, npm 7.21.0 | nodejs-npmcli-arborist 2.8.2, npm 7.21.0 |
| Cedric Buissart | 2021-12-06 16:34:31 UTC | Comment | 3 | updated |
| Cedric Buissart | 2021-12-06 18:46:14 UTC | CC | mrunge, nodejs-sig, sgallagh, thrcka | |
| Cedric Buissart | 2021-12-06 18:46:54 UTC | Depends On | 2029557 | |
| Cedric Buissart | 2021-12-06 19:08:53 UTC | CC | psegedy | |
| Red Hat Bugzilla | 2022-12-17 07:26:02 UTC | CC | lmorse | |
| Red Hat Bugzilla | 2023-07-07 08:29:47 UTC | Assignee | security-response-team | nobody |
Back to bug 1999745