1 results (0.001 seconds)
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-16024
https://notcve.org/view.php?id=CVE-2017-16024
04 Jun 2018 — The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists. El módulo sync-exec se emplea para simular child_process.execSync en la versiones de node anteriores a la 0.11.9. Sync-exec emplea directorios tmp como búfer antes de ... • https://cwe.mitre.org/data/definitions/377.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-377: Insecure Temporary File •