oui
oui copied to clipboard
opensearch-project
eslint-6.8.0.tgz: 1 vulnerabilities (highest severity is: 2.5)
Vulnerable Library - eslint-6.8.0.tgz
Path to dependency file: /packages/eslint-plugin/package.json
Vulnerabilities
| Vulnerability | Severity |  CVSS |
Dependency | Type | Fixed in (eslint version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2025-54798 |  Low |
2.5 | tmp-0.0.33.tgz | Transitive | 7.3.0 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2025-54798
Vulnerable Library - tmp-0.0.33.tgz
Temporary file and directory creator
Library home page: https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz
Dependency Hierarchy:
- eslint-6.8.0.tgz (Root Library)
- inquirer-7.3.3.tgz
- external-editor-3.1.0.tgz
- :x: tmp-0.0.33.tgz (Vulnerable Library)
- external-editor-3.1.0.tgz
- inquirer-7.3.3.tgz
Found in base branch: main
Vulnerability Details
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.
Publish Date: 2025-08-07
URL: CVE-2025-54798
CVSS 3 Score Details (2.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-52f5-9888-hmc6
Release Date: 2025-08-07
Fix Resolution (tmp): 0.2.4
Direct dependency fix Resolution (eslint): 7.3.0
![mend-for-github-com[bot] avatar](https://avatars.githubusercontent.com/in/30796?v=4 "Published by a pub.dev verified publisher"){kind=small}