Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Upgrade github.com/thoughtworks/talisman/report to version 1.6.0 or higher.
github.com/thoughtworks/talisman/report is a tool that installs a hook in your repository to ensure that potential secrets or sensitive information do not leave the developer's workstation.
Affected versions of this package are vulnerable to Arbitrary File Overwrite. When scanning a repository in which talisman_reports/data/report.json is a symlink, talisman writes its report through the symlink and overwrites the file the symlink points to.
Proof of concept (the repository's report path is a symlink to a file outside the repository):
echo 123 > /tmp/data
talisman_reports/data/report.json symlinked to /tmp/data
talisman -s
/tmp/data is now overwritten with the report
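As an added illustration (not talisman's own code), the vulnerable write pattern is shown beside a hardened one in Go that refuses to write through a symlink; the scratch directory, the stand-in for /tmp/data and the file contents are constructed to mirror the steps above.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// ErrSymlink is returned when the report path is a symbolic link.
var ErrSymlink = errors.New("report path is a symlink, refusing to write through it")

// writeReportUnsafe is the vulnerable pattern: a plain write that follows
// whatever the path resolves to, including a symlink checked into the repo.
func writeReportUnsafe(path string, data []byte) error {
	return os.WriteFile(path, data, 0o644)
}

// writeReportSafe opens with O_NOFOLLOW so the kernel rejects a symlink at the
// final path component (ELOOP) inside open(), leaving no check-then-open race.
func writeReportSafe(path string, data []byte) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC|syscall.O_NOFOLLOW, 0o644)
	if errors.Is(err, syscall.ELOOP) {
		return ErrSymlink
	}
	if err != nil {
		return fmt.Errorf("open report: %w", err)
	}
	if _, err := f.Write(data); err != nil {
		f.Close()
		return err
	}
	return f.Close()
}

// main rebuilds the advisory's layout in a constructed scratch directory.
func main() {
	dir, _ := os.MkdirTemp("", "talisman-demo")
	defer os.RemoveAll(dir)
	target := filepath.Join(dir, "data") // stands in for /tmp/data
	report := filepath.Join(dir, "talisman_reports", "data", "report.json")
	os.MkdirAll(filepath.Dir(report), 0o755)
	os.WriteFile(target, []byte("123\n"), 0o644)
	os.Symlink(target, report)
	fmt.Println("safe write:", writeReportSafe(report, []byte("{}")))
	b, _ := os.ReadFile(target)
	fmt.Printf("target still contains %q\n", b)
}
```

O_NOFOLLOW only covers the last path component, so if talisman_reports/ or data/ could themselves be attacker-controlled symlinks the parent directories need the same treatment (for example by opening them with O_NOFOLLOW and using openat). syscall.O_NOFOLLOW is POSIX-only; a Windows build needs a different check.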