yieme
commented
7 years ago This is flagged as a security problem at https://nodesecurity.io/advisories/310
Open maxnikulin opened 8 years ago
yieme
commented
7 years ago This is flagged as a security problem at https://nodesecurity.io/advisories/310
huntr-helper
commented
4 years ago 🛠️ A fix has been provided for this issue. Please reference: https://github.com/418sec/sync-exec/pull/1
🔥 This fix has been provided through the https://huntr.dev/ bug bounty platform.
The module uses temporary directories but creates them in an insecure way.
Besides general issues related to making of tmp files, the implementation in sync-exec/coffee/lib/create-pipes.coffee does not handle errors. The variable created is set to true even if the directory already exists and belong to another user. It seems that errors should be handled by callback, but it is inconsistent with synchronous usage of fs.mkdir.
Some node modules were suggested in response to the stackoverflow question "nodejs - Temporary file name [closed]" More details related to the issue is given in "Creating temporary files securely" This kind of vulnerabilities is discussed in general in CWE-377: Insecure Temporary File