Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2019-13173
Good to know:
Date: July 2, 2019
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
Language: Java
Severity Score
Related Resources (9)
Severity Score
Weakness Type (CWE)
Top Fix
Upgrade Version
Upgrade to version lukesnowden/application-base - no_fix;kayrules/solatjakim-api-site - dev-version-1.0;AutoRest - no_fix;oburatongoi/productivity - 0.0.13;oburatongoi/productivity - 0.0.1;oburatongoi/productivity - no_fix;angellco/spoon - 3.2.5;Ncapsulate.Node.Shadow - no_fix;Yarn.MSBuild - 0.22.0;Yarn.MSBuild - 0.24.6;nodejs-v.0.8.16 - no_fix;Inferno.Bunyan - no_fix;SystemExt.Languages.Node.runtime.linux-arm - no_fix;seidemann-web/wave-theme - dev-fixUpLanguageConstants;seidemann-web/wave-theme - no_fix;seidemann-web/wave-theme - dev-omage-theme;seidemann-web/wave-theme - dev-WT-36/Sticky-Header-Fixes;adrexia/silverstripe-gumby-theme - 2;Betclic.BuildTools.Node - no_fix;SystemExt.Languages.Node.runtime.linux-arm64 - no_fix;spiral/toolkit - v0.8.18;spiral/toolkit - v0.9.0;spiral/toolkit - v0.8.20;doublesecretagency/craft-spoon - 3.2.5;Yeoman - no_fix;NC.Frontend.Env - no_fix;greenpeace/planet4-child-theme-storytelling - dev-old-ui;greenpeace/planet4-child-theme-storytelling - v0.9.7;greenpeace/planet4-child-theme-storytelling - v0.12;chrisbraybrooke/laravel-ecommerce - 0.0.2;chrisbraybrooke/laravel-ecommerce - 0.0.17;chrisbraybrooke/laravel-ecommerce - dev-form-field-key;chrisbraybrooke/laravel-ecommerce - 0.0.56;jadu/pulsar - 1.0.16;Ncapsulate.Node - no_fix;NodeEnv - no_fix;z3/t3build-node - 1.0.11;adrexia/silverstripe-pure - no_fix;PWPTemplateCMS - no_fix;Sheeler.AngularTemplate - no_fix;Npm.js - no_fix;Fable.Library.Template - no_fix;mmi/mmi-cms - 2.3.1;Node-Kit - no_fix;deltasystems/dewdrop - dev-hotfix-check-href;node-sass-bundle - 1.0.2;node-sass-bundle - no_fix;dreamfactory/df-api-docs-ui - 1.1.0;Ncapsulate.Bower - no_fix;ilhanet/erpnet-widget-resource - no_fix;Npm-Shift - no_fix;pwptemplatepusintek - no_fix;scancode/portal-module - v0.0.22;scancode/portal-module - v1.0.1;oxid-esales/wave-theme - dev-oxscript-google-analytics;badsyntax/jquery-spellchecker - 0.2.4;NodeInt - no_fix;ng-grid - 2.0.4;MIDIator.WebClient - 1.0.105;NodeBin - no_fix;SystemExt.Languages.Node.runtime.osx-x64 - no_fix;Fable.Template.Elmish.React - 0.1.6;Bower - no_fix;computerundsound/curserver - 2.2.0;computerundsound/curserver - no_fix;trezebits/trezevel-gallery - no_fix;tombeachell/forza-magento - no_fix;fstream - 1.0.12;Npm - no_fix;Yarnpkg.Yarn - 0.26.1;Pvc.Runtime.NodeJs - no_fix;Npm3 - no_fix;Pvc.Browserify - 0.0.1.1;Sheelersoft.AngularTemplate - no_fix;zymawy/ironside-core - dev-utils;Tools.Npm - no_fix;SystemExt.Languages.Node.runtime.linux-x64 - no_fix;org.webjars:npm:no_fix;org.webjars:npm:4.0.2;org.webjars:npm:4.4.4;org.webjars:npm:5.0.0-1;org.webjars:browser-sync:no_fix;org.webjars.bower:jsonpath-object-transform:no_fix;org.webjars.npm:fstream:1.0.12;org.webjars:fstream:no_fix;org.webjars.npm:bower:1.8.12;org.webjars.bower:npm:no_fix
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | HIGH |
| Availability (A): | NONE |
CVSS v2
| Base Score: |
|
|---|---|
| Access Vector (AV): | NETWORK |
| Access Complexity (AC): | LOW |
| Authentication (AU): | NONE |
| Confidentiality (C): | NONE |
| Integrity (I): | PARTIAL |
| Availability (A): | PARTIAL |
| Additional information: |