buzz-captions@1.2.0 vulnerabilities

latest version

1.2.0

first published

1 years ago

latest version published

28 days ago

licenses detected

MIT
[0,)

View buzz-captions package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the buzz-captions package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
L Insecure Temporary File Affected versions of this package are vulnerable to Insecure Temporary File through the use of the deprecated `mktemp()` function, there is a risk of race conditions. This occurs because the function generates a temporary file name without ensuring exclusive access, allowing an opportunity for an attacker to manipulate the file before it is opened by the original process. This is only exploitable if the attacker has local access and the ability to execute their own code on the machine. Note: How to fix Insecure Temporary File? There is no fixed version for `buzz-captions`.	[0,)

Insecure Temporary File

Affected versions of this package are vulnerable to Insecure Temporary File through the use of the deprecated mktemp() function, there is a risk of race conditions. This occurs because the function generates a temporary file name without ensuring exclusive access, allowing an opportunity for an attacker to manipulate the file before it is opened by the original process.

This is only exploitable if the attacker has local access and the ability to execute their own code on the machine.

Note:

How to fix Insecure Temporary File?

There is no fixed version for buzz-captions.

[0,)

Go back to all versions of this package