OESA-2022-1584

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1584
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1584.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-1584
Upstream
Published
2022-03-19T11:03:38Z
Modified
2025-08-12T05:04:13.926588Z
Summary
nodejs-fstream security update
Details

Provides advanced file system stream objects for Node.js. These objects are like FS streams, but with stat on them, and support directories and symbolic links, as well as normal files. Also, you can use them to set the stats on a file, even if you don't change its contents, or to create a symlink, etc.

Security Fix(es):

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable. (CVE-2019-13173)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / nodejs-fstream

Package

Name
nodejs-fstream
Purl
pkg:rpm/openEuler/nodejs-fstream&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.12-1.oe1

Ecosystem specific

{
    "noarch": [
        "nodejs-fstream-1.0.12-1.oe1.noarch.rpm"
    ],
    "src": [
        "nodejs-fstream-1.0.12-1.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP2 / nodejs-fstream

Package

Name
nodejs-fstream
Purl
pkg:rpm/openEuler/nodejs-fstream&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.12-1.oe1

Ecosystem specific

{
    "noarch": [
        "nodejs-fstream-1.0.12-1.oe1.noarch.rpm"
    ],
    "src": [
        "nodejs-fstream-1.0.12-1.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / nodejs-fstream

Package

Name
nodejs-fstream
Purl
pkg:rpm/openEuler/nodejs-fstream&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.12-1.oe1

Ecosystem specific

{
    "noarch": [
        "nodejs-fstream-1.0.12-1.oe1.noarch.rpm"
    ],
    "src": [
        "nodejs-fstream-1.0.12-1.oe1.src.rpm"
    ]
}