Hide Forgot
Affected versions of this package are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file. Upstream patch: https://github.com/npm/fstream/commit/6a77d2fa6e1462693cf8e46f930da96ec1b0bb22 References: https://www.npmjs.com/advisories/886
Created nodejs-fstream tracking bugs for this issue: Affects: epel-all [bug 1710572] Affects: fedora-all [bug 1710571]
External References: https://www.npmjs.com/advisories/886
This vulnerability is out of security support scope for the following product: * Red Hat Mobile Application Platform Please refer to https://access.redhat.com/support/policy/updates/rhmap for more details