sync-exec icon indicating copy to clipboard operation
sync-exec copied to clipboard

Published 20 hours ago verified publisher icon gvarsanyi

Insecure temporary directores

Open maxnikulin opened this issue 9 years ago • 2 comments

The module uses temporary directories but creates them in an insecure way.

Besides general issues related to making of tmp files, the implementation in sync-exec/coffee/lib/create-pipes.coffee does not handle errors. The variable created is set to true even if the directory already exists and belong to another user. It seems that errors should be handled by callback, but it is inconsistent with synchronous usage of fs.mkdir.

Some node modules were suggested in response to the stackoverflow question "nodejs - Temporary file name [closed]" More details related to the issue is given in "Creating temporary files securely" This kind of vulnerabilities is discussed in general in CWE-377: Insecure Temporary File

maxnikulin avatar Jan 24 '16 07:01 maxnikulin

This is flagged as a security problem at https://nodesecurity.io/advisories/310

yieme avatar Apr 16 '17 17:04 yieme

‎‍🛠️ A fix has been provided for this issue. Please reference: https://github.com/418sec/sync-exec/pull/1

🔥 This fix has been provided through the https://huntr.dev/ bug bounty platform.

huntr-helper avatar Aug 25 '20 10:08 huntr-helper