Hackskop

Name of the Vulnerable Software and Affected Versions: chownr package versions prior to 1.1.0 for Node.js 10.10 Description: The issue is related to a TOCTOU (Time-of-Check-to-Time-of-Use) problem in the chownr package, which can be exploited by a local attacker to trick it into descending into unintended directories via symlink attacks. This can potentially allow an attacker to gain unauthorized access to arbitrary directories. Recommendations: For versions prior to 1.1.0, update the chownr package to version 1.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the chownr package until a patch is available.