Closed silkentrance closed 4 years ago
all existing and current code base.
options.template can contain arbitrary absolute or relative paths.
Depending on the effective user, tmp will be able to create or delete or replace arbitrary files in the file system.
This can be a major security concern, depending on how applications make use of tmp.
This requires #143.
With #143 in place this should no longer be a problem unless one is capable of injecting paths relative to the configure default or user provided tmp dir.
Still a problem. Reopening.
Operating System
NodeJS Version
Tmp Version
all existing and current code base.
Expected Behavior
options.template can contain arbitrary absolute or relative paths.
Experienced Behavior
Depending on the effective user, tmp will be able to create or delete or replace arbitrary files in the file system.
Security Concern
This can be a major security concern, depending on how applications make use of tmp.