Vulnerability chownr@1.0.1

Question

Vulnerability chownr@1.0.1

trollepierre opened this issue 6 years ago · comments

Medium severity vuln found in chownr@1.0.1, introduced via cacache@11.2.0
Description: Time of Check Time of Use (TOCTOU)
Info: https://snyk.io/vuln/npm:chownr:20180731
From: cacache@11.2.0 > chownr@1.0.1

Saran Tanpituckpong ✔️ · Answer 1 · Sun Sep 23 2018 01:53:41 GMT+0800 (China Standard Time)

This problem has been reported in isaacs/chownr#14.
It's partially solved in 1.1.0. But it still isn't completely gone.

Maybe cacache can use new chownr? 🤔

Bruno Bigras · Answer 2 · Mon Dec 03 2018 23:51:35 GMT+0800 (China Standard Time)

Any progress on this?