Description
Versions of atompm prior to 0.8.2 are vulnerable to Unauthorized File Access. The package fails to sanitize relative paths in the URL for file downloads, allowing attackers to download arbitrary files from the system.
Recommendation
Update the atompm package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.8.2
- Patched version(s): 0.8.2
References
Related Issues
- Unauthorized File Access in harp - harp - CVE-2019-5438
- Unauthorized File Access in harp - CVE-2019-5437
- Paperclip: Arbitrary File Read via Agent-Controlled adapterConfig.instructionsFilePath - Vulnerability
- Gatsby develop server has Local File Inclusion vulnerability - CVE-2023-34238
You might also like:
- Tags:
- npm
- atompm
Anything's wrong? Let us know Last updated on January 09, 2023


