[wp-trac] [WordPress Trac] #47175: TwentyNineteen Vulnerability Due To Old Dependency Version
WordPress Trac
noreply at wordpress.org
Tue May 7 23:22:21 UTC 2019
#47175: TwentyNineteen Vulnerability Due To Old Dependency Version
--------------------------+-----------------------------
 Reporter:  mikebronner   |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Themes        |    Version:
 Severity:  major         |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
GitHub reported the following:
CVE-2018-20834 More information
high severity
Vulnerable versions: < 4.4.2
Patched version: 4.4.2
A vulnerability was found in node-tar before version 4.4.2. An Arbitrary
File Overwrite issue exists when extracting a tarball containing a
hardlink to a file that already exists on the system, in conjunction with
a later plain file with the same name as the hardlink. This plain file
content replaces the existing file content.
Further details: https://nvd.nist.gov/vuln/detail/CVE-2018-20834
(I'm not considering this a sensitive security matter, as this
vulnerability has already been widely published.)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47175>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
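
Added example, not part of the ticket or of WordPress/TwentyNineteen code: one way to check a theme's parsed package-lock.json for copies of the npm `tar` package (node-tar) below the patched version quoted above. The function names and the sample lockfile are constructed for illustration; the 4.4.2 floor is the one stated in the ticket.

```javascript
const PATCHED = [4, 4, 2]; // "Patched version: 4.4.2", as quoted in the ticket

// Parse "major.minor.patch", ignoring pre-release or build suffixes.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when version v sorts strictly below floor.
function isBelow(v, floor) {
  for (let i = 0; i < 3; i++) if (v[i] !== floor[i]) return v[i] < floor[i];
  return false;
}

// Return every `tar` entry in a parsed package-lock.json that is below PATCHED.
function findVulnerableTar(lock) {
  const hits = [];
  const check = (path, version) => {
    const v = parseVersion(version);
    // Unparseable versions (git URLs, missing fields) are reported for manual review.
    if (!v || isBelow(v, PATCHED)) hits.push({ path, version: String(version) });
  };
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [key, info] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/tar$/.test(key)) check(key, info.version);
    }
    return hits;
  }
  const walk = (deps, trail) => { // lockfileVersion 1: nested "dependencies"
    for (const [name, info] of Object.entries(deps || {})) {
      const path = [...trail, name];
      if (name === "tar") check(path.join(" > "), info.version);
      walk(info.dependencies, path);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (v1 layout); the "example-*" packages are hypothetical.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "example-build-tool": { version: "1.0.0", dependencies: { tar: { version: "2.2.1" } } },
    "example-packer": { version: "1.0.0", dependencies: { tar: { version: "4.4.8" } } },
    tar: { version: "4.4.1" },
  },
};
console.log(findVulnerableTar(sampleLock));
```

Transitive copies matter here: a nested `tar` pulled in by a build dependency is reported with its full dependency path, so the parent package that needs updating is visible.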