Remediate High Fstream vulnerability #654

Lilalamar opened this issue Dec 17, 2019 · 0 comments
Labels
security Ticket concerns platform security

Comments

@Lilalamar

Snyk reports the following High severity vulnerability in HumanCellAtlas/ingest-file-archiver. Please remediate by the end of Q1 Milestone 1.

Description

fstream

Suggested Remediation

Upgrade fstream to version 1.0.12 or higher.

Details

Affected versions of this package are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file.

@Lilalamar Lilalamar added the security Ticket concerns platform security label Dec 17, 2019
@Lilalamar Lilalamar added this to the Q1 2020 Milestone 1 milestone Dec 17, 2019
@MightyAx MightyAx removed their assignment Dec 20, 2019
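
To confirm the suggested remediation has taken effect, the following added example (not code from this issue or from the ingest-file-archiver project) lists every installed copy of fstream below 1.0.12 in an npm `package-lock.json`. It goes beyond the issue text by handling both the nested lockfile format (version 1) and the flat `packages` format (versions 2 and 3); the function names and the sample lockfiles are assumptions constructed for illustration.

```javascript
'use strict';
// Added example: report every fstream copy in a package-lock.json older than 1.0.12.
const FIXED = [1, 0, 12]; // first fixed fstream version, per the issue text

// Compare "x.y.z" against FIXED; prerelease/build suffixes are ignored.
function isVulnerable(version) {
  const parts = String(version).split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const a = parts[i] || 0;
    if (a !== FIXED[i]) return a < FIXED[i];
  }
  return false; // exactly 1.0.12
}

// lockfileVersion 1: nested "dependencies" objects mirror the install tree.
function walkV1(deps, trail, out) {
  for (const [name, info] of Object.entries(deps || {})) {
    const here = trail.concat(name);
    if (name === 'fstream' && isVulnerable(info.version)) {
      out.push({ path: here.join(' > '), version: info.version });
    }
    walkV1(info.dependencies, here, out);
  }
}

// lockfileVersion 2/3: flat "packages" map keyed by node_modules path.
function walkV2(packages, out) {
  for (const [key, info] of Object.entries(packages || {})) {
    if (/(^|\/)node_modules\/fstream$/.test(key) && isVulnerable(info.version)) {
      out.push({ path: key, version: info.version });
    }
  }
}

// Returns [{ path, version }] for each vulnerable copy found in a parsed lockfile.
function findVulnerableFstream(lock) {
  const out = [];
  if (lock.packages) walkV2(lock.packages, out);
  else walkV1(lock.dependencies, [], out);
  return out;
}

// Constructed sample lockfiles (not taken from ingest-file-archiver).
const sampleV1 = { lockfileVersion: 1, dependencies: {
  tar: { version: '2.2.1', dependencies: { fstream: { version: '1.0.11' } } },
  fstream: { version: '1.0.12' } } };
const sampleV3 = { lockfileVersion: 3, packages: {
  '': { name: 'constructed-app' },
  'node_modules/fstream': { version: '1.0.10' },
  'node_modules/unzipper/node_modules/fstream': { version: '1.0.12' } } };

console.log(findVulnerableFstream(sampleV1), findVulnerableFstream(sampleV3));
```

Against a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findVulnerableFstream`; an empty array means no copy below 1.0.12 remains in the lockfile.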