Description
Versions of atompm prior to 0.8.2 are vulnerable to Unauthorized File Access. The package fails to sanitize relative paths in the URL for file downloads, allowing attackers to download arbitrary files from the system.
Recommendation
Update the atompm package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.8.2
- Patched version(s): 0.8.2
References
Related Issues
- PostCSS line return parsing error - CVE-2023-44270
- mavo DOM Clobbering vulnerability - CVE-2024-53388
- Cube API denial of service attack - CVE-2023-50709
- Prototype Pollution in protobufjs - CVE-2022-25878
- Tags:
- npm
- atompm
Anything's wrong? Let us know Last updated on January 09, 2023