fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| fstream(npm) | 0 | 1.0.12 | N/A |
CVSS Metrics
