Description
Versions of atompm prior to 0.8.2 are vulnerable to Unauthorized File Access (path traversal). The package does not sanitize relative path segments such as `..` in the URL used for file downloads, so a crafted download request resolves to a location outside the intended directory and an attacker can download arbitrary files that the atompm server process is able to read.
Recommendation
Update the atompm package to the latest compatible version. Version details:
- Affected version(s): < 0.8.2
- Patched version(s): 0.8.2
References
Related Issues
- Unauthorized File Access in harp - CVE-2019-5437
- Unauthorized File Access in harp (GHSA-6fmm-47qc-p4m4) - CVE-2019-5438
- Phishing attack vulnerability by uploading malicious HTML file - CVE-2023-32689
- Unauthorized Access to Private Fields in User Registration API (GHSA-gc7p-j5xm-xxh2) - CVE-2023-39345
Tags:
- npm
- atompm
Last updated on January 09, 2023