Description
Versions of atompm prior to 0.8.2 are vulnerable to Unauthorized File Access. The package fails to sanitize relative paths in the URL for file downloads, allowing attackers to download arbitrary files from the system.
Recommendation
Update the atompm package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.8.2
- Patched version(s): 0.8.2
References
Related Issues
- Firebase vulnerable to CRSF attack - CVE-2024-4128
- Cube API denial of service attack - CVE-2023-50709
- Prototype Pollution in protobufjs - CVE-2022-25878
- Cross-Site Scripting in highcharts - Vulnerability
- Tags:
- npm
- atompm
Anything's wrong? Let us know Last updated on January 09, 2023