I can verify this is still an issue.
This is the output from running npm audit in a repository with the latest version of nw-gyp installed:
```
tar <=4.4.17
Severity: high
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-qq89-hq3f-393p
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
No fix available
node_modules/tar
nw-gyp *
Depends on vulnerable versions of tar
node_modules/nw-gyp
2 high severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
```
I verified that the latest version of node-gyp doesn't have this and I'd think a rebase is in due time.
See here https://nvd.nist.gov/vuln/detail/CVE-2018-20834